TY - GEN
T1 - Mapping Risk Assessment Strategy for COVID-19 Mobile Apps’ Vulnerabilities
AU - Sharma, Tanusree
AU - Dyer, Hunter A.
AU - Campbell, Roy H.
AU - Bashir, Masooda
N1 - Publisher Copyright:
© 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.
PY - 2022
Y1 - 2022
N2 - Recent innovations in mobile technologies are playing an important and vital role in combating the COVID-19 pandemic. While mobile apps’ functionality plays a crucial role in tackling the COVID-19 spread, it is also raising concerns about the associated privacy risks that users may face. Recent research studies have showed various technological measures on mobile applications that lack consideration of privacy risks in their data practices. For example, security vulnerabilities in COVID-19 apps can be exploited and therefore also pose privacy violations. In this paper, we focus on recent and newly developed COVID-19 apps and consider their threat landscape. Our objective was to identify security vulnerabilities that can lead to user-level privacy risks. We also formalize our approach by measuring the level of risk associated with assets and services that attackers may be targeting to capture during the exploitation. We utilized baseline risk assessment criteria within the scope of three specific security vulnerabilities that often exists in COVID-19 applications namely credential leaks, insecure communication, and HTTP request libraries. We present a proof of concept implementation for risk assessment of COVID-19 apps that can be utilized to evaluate privacy risk by the impact of assets and threat likelihood.
AB - Recent innovations in mobile technologies are playing an important and vital role in combating the COVID-19 pandemic. While mobile apps’ functionality plays a crucial role in tackling the COVID-19 spread, it is also raising concerns about the associated privacy risks that users may face. Recent research studies have showed various technological measures on mobile applications that lack consideration of privacy risks in their data practices. For example, security vulnerabilities in COVID-19 apps can be exploited and therefore also pose privacy violations. In this paper, we focus on recent and newly developed COVID-19 apps and consider their threat landscape. Our objective was to identify security vulnerabilities that can lead to user-level privacy risks. We also formalize our approach by measuring the level of risk associated with assets and services that attackers may be targeting to capture during the exploitation. We utilized baseline risk assessment criteria within the scope of three specific security vulnerabilities that often exists in COVID-19 applications namely credential leaks, insecure communication, and HTTP request libraries. We present a proof of concept implementation for risk assessment of COVID-19 apps that can be utilized to evaluate privacy risk by the impact of assets and threat likelihood.
UR - http://www.scopus.com/inward/record.url?scp=85112504259&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85112504259&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-80119-9_72
DO - 10.1007/978-3-030-80119-9_72
M3 - Conference contribution
AN - SCOPUS:85112504259
SN - 9783030801182
T3 - Lecture Notes in Networks and Systems
SP - 1082
EP - 1096
BT - Intelligent Computing - Proceedings of the 2021 Computing Conference
A2 - Arai, Kohei
PB - Springer Science and Business Media Deutschland GmbH
T2 - Computing Conference, 2021
Y2 - 15 July 2021 through 16 July 2021
ER -