Abstract
Mobile banking is a major component of M-Commerce (Mobile Commerce) applications in daily life. As the use of mobile phones has grown, the number of vulnerabilities affecting these devices has risen steeply, and the privacy and security of confidential financial data is one of the major issues on mobile devices. Android is the most popular operating system, not only with users but also with companies, vendors and developers of all kinds, and for the same reason it has become popular with malicious adversaries. Mobile security and risk assessment specialists and security engineers are therefore in high demand. In this paper, we propose STAMBA (Security Testing for Android Mobile Banking Apps) and demonstrate supporting tools at different levels: these tools are used to find threats at the application code level, at the communication or network level, and at the device level. We give a detailed discussion of the vulnerabilities found, which informs further app development, and describe a detailed automated security testing process for mobile banking applications.
© 2016 Springer International Publishing Switzerland
Cite this paper
Bojjagani, S., Sastry, V.N. (2016). STAMBA: Security Testing for Android Mobile Banking Apps. In: Thampi, S., Bandyopadhyay, S., Krishnan, S., Li, KC., Mosin, S., Ma, M. (eds) Advances in Signal Processing and Intelligent Recognition Systems. Advances in Intelligent Systems and Computing, vol 425. Springer, Cham. https://doi.org/10.1007/978-3-319-28658-7_57
DOI: https://doi.org/10.1007/978-3-319-28658-7_57
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-28656-3
Online ISBN: 978-3-319-28658-7
eBook Packages: Engineering (R0)