Files in this item



application/pdfSAIConference_PAPER_Camera ready TS.pdf (693kB)
(no description provided)PDF


Title:Mapping Risk Assessment Strategy for COVID-19 Mobile Apps’ Vulnerabilities
Author(s):Tanusree Sharma, Hunter A. Dyer , Roy H. Campbell, Masooda Bashir
Subject(s):Mobile apps, Privacy risks, Threat likelihood, COVID-19
Abstract:Recent innovations in mobile technologies are playing an important and vital role in combating the COVID-19 pandemic. While mobile apps’ functionality plays a crucial role in tackling the COVID-19 spread, it is also raising concerns about the associated privacy risks that users may face. Recent research studies have showed various technological measures on mobile applications that lack consideration of privacy risks in their data practices. For example, security vulnerabilities in COVID-19 apps can be exploited and therefore also pose privacy violations. In this paper, we focus on recent and newly developed COVID-19 apps and consider their threat landscape. Our objective was to identify security vulnerabilities that can lead to user-level privacy risks. We also formalize our approach by measuring the level of risk associated with assets and services that attackers may be targeting to capture during the exploitation. We utilized baseline risk assessment criteria within the scope of three specific security vulnerabilities that often exists in COVID-19 applications namely credential leaks, insecure communication, and HTTP request libraries. We present a proof of concept implementation for risk assessment of COVID-19 apps that can be utilized to evaluate privacy risk by the impact of assets and threat likelihood.
Issue Date:2021
Citation Info:Tanusree Sharma, Hunter A. Dyer, Roy H. Campbell, Masooda Bashir. Mapping Risk Assessment Strategy for COVID-19 Mobile Apps’ Vulnerabilities
Conference Paper / Presentation
Date Available in IDEALS:2021-01-30

This item appears in the following Collection(s)

Item Statistics