Title: Security model on mobile banking application: attack simulation and countermeasures

Authors: Yacouba Kouraogo; Karim Zkik; Noreddine El Janati El Idrissi; Ghizlane Orhanou

Addresses: Laboratory of Mathematics, Computer Sciences and Applications, Faculty of Sciences, Mohammed V University, Rabat, Morocco ' Laboratory of Mathematics, Computer Sciences and Applications, Faculty of Sciences, Mohammed V University, Rabat, Morocco ' Laboratory of Mathematics, Computer Sciences and Applications, Faculty of Sciences, Mohammed V University, Rabat, Morocco ' Laboratory of Mathematics, Computer Sciences and Applications, Faculty of Sciences, Mohammed V University, Rabat, Morocco

Abstract: Nowadays, we use mobile devices in all activities such as communication, play, surf on the internet, shop online and banking transactions. But the applications used do not always comply with the security requirements on mobile environment and this can cause vulnerabilities allowing attackers to take control of the phone and to steal some users' private data. That is why, it is important to take a look at the security of mobile applications especially of financial institutions. In this paper, we will present some security issues of android applications. We will also make a reverse engineering of an Android banking application, then a static analysis of its code to detect its weaknesses. After that, we will insert a malicious code that will help us not only to take control of the smartphone but also to make a DDOS attack on a simulated bank server. Finally, we will propose some countermeasures.

Keywords: mobile malware; reverse engineering; static analysis; DDOS attack.

DOI: 10.1504/IJIE.2017.087014

International Journal of Intelligent Enterprise, 2017 Vol.4 No.1/2, pp.155 - 167

Received: 06 Jan 2017
Accepted: 10 May 2017

Published online: 04 Oct 2017 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article