IDEAS home Printed from https://ideas.repec.org/a/gam/jftint/v10y2018i2p13-d129538.html
   My bibliography  Save this article

Push Attack: Binding Virtual and Real Identities Using Mobile Push Notifications

Author

Listed:
  • Pierpaolo Loreti

    (Electronic Engineering Department, University of Rome Tor Vergata, 00173 Rome, Italy)

  • Lorenzo Bracciale

    (Electronic Engineering Department, University of Rome Tor Vergata, 00173 Rome, Italy)

  • Alberto Caponi

    (Electronic Engineering Department, University of Rome Tor Vergata, 00173 Rome, Italy)

Abstract

Popular mobile apps use push notifications extensively to offer an “always connected” experience to their users. Social networking apps use them as a real-time channel to notify users about new private messages or new social interactions (e.g., friendship request, tagging, etc.). Despite the cryptography used to protect these communication channels, the strict temporal binding between the actions that trigger the notifications and the reception of the notification messages in the mobile device may represent a privacy issue. In this work, we present the push notification attack designed to bind the physical owners of mobile devices with their virtual identities, even if pseudonyms are used. In an online attack, an active attacker triggers a push notification and captures the notification packets that transit in the network. In an offline attack, a passive attacker correlates the social network activity of a user with the received push notification. The push notification attack bypasses the standard ways of protecting user privacy based on the network layer by operating at the application level. It requires no additional software on the victim’s mobile device.

Suggested Citation

  • Pierpaolo Loreti & Lorenzo Bracciale & Alberto Caponi, 2018. "Push Attack: Binding Virtual and Real Identities Using Mobile Push Notifications," Future Internet, MDPI, vol. 10(2), pages 1-17, January.
    • Handle: RePEc:gam:jftint:v:10:y:2018:i:2:p:13-:d:129538
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/1999-5903/10/2/13/pdf
    Download Restriction: no
    File URL: https://www.mdpi.com/1999-5903/10/2/13/
    Download Restriction: no
    ---><---

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Georgios Kambourakis & Felix Gomez Marmol & Guojun Wang, 2018. "Security and Privacy in Wireless and Mobile Networks," Future Internet, MDPI, vol. 10(2), pages 1-3, February.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jftint:v:10:y:2018:i:2:p:13-:d:129538. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.