Advertisement

Vulnerabilities in Banking Transactions with Mobile Devices Android: A Systematic Literature Review

  • Pablo F. Ordoñez-Ordoñez
  • Domingo D. Herrera-Loaiza
  • Roberth Figueroa-Diaz
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 895)

Abstract

This qualitative systematic literature review (SLR) corresponds to the search for vulnerabilities in banking transactions by means of ANDROID Intelligent mobile devices and the incidents in the users. In these devices there is leaking information that is captured by hackers and with it the dissatisfaction of users to ignore how to treat these insecurities. For this, initially of between 123 studies, 18 were selected according to the search criteria corresponding to the research questions in vulnerability and incidence, it was mainly found the bank Phishing, the injections of malware in mobile applications and to a large extent victims of bank fraud.

Keywords

Mobile applications Banking transactions Software vulnerabilities Mobile vulnerabilities Android vulnerabilities 

References

  1. 1.
  2. 2.
    IEEE Xplore Digital Library. https://ieeexplore.ieee.org/Xplore/home.jsp
  3. 3.
  4. 4.
  5. 5.
    Centro Cochrane Iberoamericano: Manual Cochrane de Revisiones Sistemáticas de Intervenciones, versión 5.1.0 (2011)Google Scholar
  6. 6.
    Cho, T., Kim, Y., Han, S., Seo, S.H.: Potential vulnerability analysis of mobile banking applications. In: 2013 International Conference on ICT Convergence (ICTC), pp. 1114–1115, October 2013.  https://doi.org/10.1109/ICTC.2013.6675570
  7. 7.
    Daryabar, F., Dehghantanha, A., Eterovic-Soric, B., Choo, K.K.R.: Forensic investigation of OneDrive, Box, GoogleDrive and Dropbox applications on Android and iOS devices. Aust. J. Forensic Sci. 48(6), 615–642 (2016).  https://doi.org/10.1080/00450618.2015.1110620CrossRefGoogle Scholar
  8. 8.
    Elsevier B.V.: Scopus. https://www.scopus.com/home.uri
  9. 9.
    Handojo, A., Lim, R., Andjarwirawan, J., Sunaryo, S.: Games and multimedia implementation on heroic battle of surabaya: an android based mobile device application. In: Pasila, F., Tanoto, Y., Lim, R., Santoso, M., Pah, N.D. (eds.) Proceedings of Second International Conference on Electrical Systems, Technology and Information 2015 (ICESTI 2015). LNEE, vol. 365, pp. 619–629. Springer, Singapore (2016).  https://doi.org/10.1007/978-981-287-988-2_69CrossRefGoogle Scholar
  10. 10.
    He, W., Tian, X., Shen, J.: Examining security risks of mobile banking applications through blog mining. In: MAICS, pp. 103–108 (2015)Google Scholar
  11. 11.
    Islam, S.: Systematic literature review: security challenges of mobile banking and payments system. Int. J. u-and e-Serv. Sci. Technol. 7(6), 107–116 (2014)CrossRefGoogle Scholar
  12. 12.
    Kitchenham, B.: Procedures for performing systematic reviews (2004)Google Scholar
  13. 13.
    Liang, C.: Subjective norms and customer adoption of mobile banking: Taiwan and vietnam. In: 2016 49th Hawaii International Conference on System Sciences (HICSS), pp. 1577–1585, January 2016.  https://doi.org/10.1109/HICSS.2016.199
  14. 14.
    Njenga, K., Ndlovu, S.: On privacy calculus and underlying consumer concerns influencing mobile banking subscriptions. In: Information Security for South Africa (ISSA), pp. 1–9. IEEE (2012)Google Scholar
  15. 15.
    Nosrati, L., Bidgoli, A.M.: Security assessment of mobile- banking. In: 2015 International Conference and Workshop on Computing and Communication (IEMCON), pp. 1–5, October 2015.  https://doi.org/10.1109/IEMCON.2015.7344489
  16. 16.
    OWASP: Broken Cryptography - Mobile Top 10 2014–M6. https://www.owasp.org/index.php/Mobile_Top_10_2014-M6
  17. 17.
    OWASP: Client Side Injection - Mobile Top 10 2014–M7. https://www.owasp.org/index.php/Mobile_Top_10_2014-M7
  18. 18.
    OWASP: Improper Session Handling - Mobile Top 10 2014–M9. https://www.owasp.org/index.php/Mobile_Top_10_2014-M9
  19. 19.
    OWASP: Insecure Data Storage - Mobile Top 10 2014–M2. https://www.owasp.org/index.php/Mobile_Top_10_2014-M2
  20. 20.
    OWASP: Insufficient Transport Layer Protection - Mobile Top 10 2014–M3. https://www.owasp.org/index.php/Mobile_Top_10_2014-M3
  21. 21.
    OWASP: Lack of Binary Protections - Mobile Top 10 2014–M10. https://www.owasp.org/index.php/Mobile_Top_10_2014-M10
  22. 22.
    OWASP: Poor Authorization and Authentication - Mobile Top 10 2014–M5. https://www.owasp.org/index.php/Mobile_Top_10_2014-M5
  23. 23.
    OWASP: Security Decisions Via Untrusted Inputs - Mobile Top 10 2014–M8. https://www.owasp.org/index.php/Mobile_Top_10_2014-M8
  24. 24.
    OWASP: Unintended Data Leakage - Mobile Top 10 2014–M4. https://www.owasp.org/index.php/Mobile_Top_10_2014-M4
  25. 25.
    OWASP: Weak Server Side Control - Mobile Top 10 2014–M1. https://www.owasp.org/index.php/Mobile_Top_10_2014-M1
  26. 26.
    Pistoia, M., Tripp, O., Ferrara, P., Centonze, P.: Automatic detection, correction, and visualization of security vulnerabilities in mobile apps. In: Proceedings of the 3rd International Workshop on Mobile Development Lifecycle, MobileDeLi 2015, New York, NY, USA, pp. 35–36 (2015).  https://doi.org/10.1145/2846661.2846667
  27. 27.
    Rasthofer, S., Asrar, I., Huber, S., Bodden, E.: How current Android malware seeks to evade automated code analysis. In: Akram, R.N., Jajodia, S. (eds.) WISTP 2015. LNCS, vol. 9311, pp. 187–202. Springer, Cham (2015).  https://doi.org/10.1007/978-3-319-24018-3_12CrossRefGoogle Scholar
  28. 28.
    Sugiono, E., Asnar, Y., Liem, I.: Android security assessment based on reported vulnerability. In: 2014 International Conference on Data and Software Engineering (ICODSE), pp. 1–6, November 2014.  https://doi.org/10.1109/ICODSE.2014.7062686

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Facultad de EnergíaUniversidad Nacional de LojaLojaEcuador
  2. 2.ETSI Sistemas InformáticosUniversidad Politécnica de MadridMadridSpain

Personalised recommendations