Philippe Mangeard, Bhaskar Tejaswi, Mohammad Mannan, Amr Youssef
WARNE: A stalkerware evidence collection tool
Forensic Science International-Digital Investigation, volume 48, Article 301677. Published 2024-03-01. DOI: 10.1016/j.fsidi.2023.301677
https://www.sciencedirect.com/science/article/pii/S2666281723001968
Citations: 0
Abstract
Intimate partner violence (IPV) is a form of abuse in romantic relationships, more frequently against the female partner. IPV can vary in severity and frequency, ranging from emotional abuse or stalking to recurring and severe violent episodes over a long period. Easy access to stalkerware apps helps foster such behaviors by allowing non-tech-savvy individuals to spy on their victims. These apps offer features for discreetly monitoring and remotely controlling compromised mobile devices, thereby infringing the victim's privacy and the security of their data. In this work, we investigate methods for gathering evidence about an abuser and the stalkerware they employ on a victim's device. We develop a semi-automated tool intended for use by investigators, helping them to analyze Android phones for potential threats in cases of IPV stalkerware. As a first step towards this goal, we perform an experimental privacy and security study to investigate currently available stalkerware apps. We specifically study the vectors through which vulnerabilities found in stalkerware apps could be exploited by investigators, allowing them to gather information about the IPV services, IPV abusers, and the victims' stolen data. We then design and implement a tool called WARNE, leveraging the identified flaws to facilitate the information and evidence collection process. In our experiments, we identified 50 unique stalkerware apps and their corresponding download websites that are still reachable, including one available on the Google Play Store. Among these apps, we found 30 that were free or offered a free trial. We enumerated and experimentally verified several invasive capabilities offered by these apps to clearly identify the severe privacy risks posed by them. We also found that most stalkerware apps store private information locally on the compromised device, potentially giving away information about the abuser.
Our evidence-gathering tool found data related to the abuser and/or the stalkerware company, such as account credentials, dashboard URLs, and API tokens in 20 apps out of 30 tested apps. We hope our tool will help IPV victims and investigators against the growing threat of stalkerware abuse.