Abstract
Addressing the security problems of the WeChat system on smartphone platforms, this paper analyzes the security of the WeChat app on the two mainstream smartphone platforms, Android and iOS, using the 2016 top ten mobile vulnerability categories published by OWASP (Open Web Application Security Project) as its basis. The study finds five conditions that affect the security of user information, present on both platforms: "Insecure Data Storage", "Insecure Communication", "Insecure Authentication", "Insecure Authorization", and "Insufficient Cryptography". Finally, based on these findings and working from two aspects, user login design and user data storage, the paper recommends modifying WeChat's default login settings, adding noise to the data, and changing the index of the chat data table, in order to improve the security of the WeChat system.
Author
张建珍
ZHANG Jianzhen (Department of Information Engineering, Shanxi Institute of Mechanical & Electrical Engineering, Changzhi, Shanxi 046011, China; School of Information Technology & Mathematical Sciences, University of South Australia, Adelaide SA 5095, Australia)
Source
《智能计算机与应用》 (Intelligent Computer and Applications)
2018, Issue 4, pp. 116-120 (5 pages)
Funding
Institute-level research project of Shanxi Institute of Mechanical & Electrical Engineering (JKY-17027)
Keywords
mobile application
WeChat
privacy protection
login security
storage security
relevant analysis