Attacks on Android banking applications

摘要

Today, over 50 % of the world population use mobile applications to manage every day their daily activities. These offer the opportunities to use multiple services such as e-commerce, social networks and e-banking. But, they don't always respect the security requirements such as privacy and data user protection. And the security breaches give to attackers the possibility to perform several attacks on mobile devices by compromising mobile applications. We are interested in this paper to the security of mobile banking applications. For this, we have made the reverse engineering of an Android application to show its weaknesses and to show the possibility to make a DDOS attack to a bank server via a compromised mobile banking application. In this paper we will present some applications security issues offered by Android security model, we will make a reverse engineering of an Android banking application, and then do static analysis of its code to detect its weaknesses. After that, it become possible to insert a malicious activity that will help us to take control of the smartphone and make a DDOS attack on a simulated bank server. Finally, we will propose some measures that will help developers to enhance their mobile applications security.