Exploitation of Secrets Injected in Java Midlets
2009; Springer Science+Business Media; Language: English
10.1007/978-3-642-04062-7_18
ISSN 1865-0937
Authors: Alessandro Distefano, Antônio Grillo, Alessandro Lentini, Gianluigi Me, Riccardo Galbani
Topic(s): Security and Verification in Computing
Abstract: "The systems relying on hard coded secrets are not actually secured; obscuring a secret with a trivial encoding does not protect the secret and weakens the whole system, since it can represent the 'famous' weakest link of the security chain. In order to ease the deployment procedure and to speed up the software development lifetime, the software developers can inject secrets into Midlets. Due to the Men In The Middle (MITM) threats, related to the Over The Air (OTA) download, this practice could represent a big concern for all the players of the system. This paper presents a preliminary methodology for the security assessment of Midlets based on reverse engineering. Furthermore, it presents a practical application of the methodology to two case studies."