Differential Collisions in SHA-1

Abdurakhimov, Bakhtiyor; Allanov, Orif; Ilkhom, Boykuziev; Turakulovich, Khudoykulov Zarif

doi:10.1109/icisct50599.2020.9351441

Cited by 8 publications

(1 citation statement)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…SHA-1 is a weak hash function known to have hash collisions, making it vulnerable to differential cryptanalysis. This vulnerability makes it easier for attackers to create collision attacks, creating two different inputs that produce the same hash value, which can be used for malicious purposes [17]. In Figure 20, this code snippet uses the SHA-1 hash algorithm to generate a hash value from the given byte array.…”

Section: Sha-1mentioning

confidence: 99%

Android Apps Vulnerability Detection with Static and Dynamic Analysis Approach using MOBSF

Kusreynada,

Barkah

2024

J. Comput. Sci. Eng

View full text Add to dashboard Cite

Ensuring the security of Android applications is paramount, especially for apps like Mobile JKN, launched by the Social Security Agency on Health “BPJS Kesehatan” under the Ministry of Health Republic Indonesia, which contain sensitive participant data. Such information is often targeted by cybercriminals seeking personal gain through data theft by exploiting security vulnerabilities within the application. To address these risks, a thorough analysis was conducted to detect security loopholes in the Mobile JKN application. The study used the Mobile Security Framework (MOBSF) tools and involved static and dynamic analyses. Despite the application’s implementation of secure SSL Pinning and detection of rooted devices, the static analysis revealed potential security loopholes, including dangerous permission access, weak cryptographic methods, and vulnerable hardcoded secrets. Moreover, the application was found vulnerable to Janus, SQL Injection, and padding oracle attacks. While the dynamic analysis showed satisfactory implementation of SSL Pinning and no performance degradation, it also revealed that root detection was lacking, and debugger connections were not detected while the application was running. These findings emphasize the critical need for immediate security enhancements in the Mobile JKN application.

show abstract

Section: Sha-1mentioning

confidence: 99%