nach oben

Erschienen in:

2022 | OriginalPaper | Buchkapitel

Keylogger Threat to the Android Mobile Banking Applications

verfasst von : Naziour Rahaman, Salauddin Rubel, Ahmed Al Marouf

Erschienen in: Computer Networks and Inventive Communication Technologies

Verlag: Springer Nature Singapore

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Android is presently the world’s most prevalent operating system, reaching more mobile customers than any other operating system to date by providing numerous services via smartphone and various android devices to make our life easy. Most of the android applications are developed by third-party android developers, android provides them an enormous platform to build their application. Modern cyber attackers are highly interested in this platform to access user’s sensitive information; with their own build malicious application or take amenities of other android developer’s application to spy on user’s activity. We have found that keyloggers can thieve personal information from users, such as credit card information or login pin/password from their typed keystroke in social networking and mobile banking apps. In case of mobile banking generally the mobile devices such as smartphones, tablets are being used for financial communications with the banks or financial institutions, by allowing clients and users to conduct a variety of transactions. In android app store (Google Play) keylogger apps are initially blocked but using some vulnerabilities in app permission it can be installed with benign and trusted apps. Both expert and maladroit android smartphone users use the mobile banking application, inexpert users are unable to find the vulnerabilities and attacker’s use this as an advantage to place an attack. The security android has provided for all the application is not sufficient for the sensitive application such as mobile banking application. In our paper, we discuss how attackers steal mobile banking app users sensitive information for their financial gain and also proposed a method to avoid keylogger attacks on android mobile banking apps.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Multimedia Text Summary Generator for Visually Impaired

Nächstes Kapitel Machine Learning-Based Network Intrusion Detection System

Help Net Security: Financial services firms most adept at making balanced security investments—Help Net Security, 2020 [Online]. https://www.helpnetsecurity.com/2018/02/14/financial-services-security-investments

Statistica: Leading Android App Categories Worldwide 2019, 2020 [Online]. https://www.statista.com/statistics/200855/favourite-smartphone-app-categories-by-share-of-smartphone-users/

Securitymagazine.com, 2020 [Online]. https://www.securitymagazine.com/articles/91660-more-than-99-billion-malware-attacks-recorded-in-2019

Marouf, A.A., Ajwad, R., Tanbin Rahid Kyser, M.: Community recommendation approach for social networking sites based on mining rules. In: 2nd IEEE International Conference on Electrical and Information and Communication Technology (iCEEiCT), Jahangirnagar University, Bangladesh, 21–23 June, 2015

Mehedi Hasan, M., Shaon, N.H., Marouf, A.A., Kamrul Hasan, M., Mahmud, H., Mohiuddin Khan, M.: Friend recommendation framework for social networking sites using user’s online behavior. In: 18th IEEE International Conference on Computer and Information Technology (ICCIT), MIST, Bangladesh, 21–23 December, 2015

Marouf, A.A., Kamrul Hasan, M., Mahmud, H.: Comparative analysis of feature selection algorithms for computational personality prediction from social media. IEEE Trans. Comput. Soc. Syst. 7(3), 587–599 (2020)

Marouf, A.A., Kamrul Hasan, M., Mahmud, H.: Identifying neuroticism from user generated content of social media based on psycholinguistic cues. In: 2019 2nd IEEE Conference on Electrical, Computer and Communication Engineering (ECCE 2019), CUET, 7–9 Feb, 2019

Hossain, R., Marouf, A.A.: BanglaMusicStylo: a stylometric dataset of bangla music lyrics. In: 1st IEEE International Conference on Bangla Speech and Language Processing (ICBSLP), SUST, 21–22 Sept 2018

Kuncoro, A., Kusuma, B.: Keylogger ıs a hacking technique that allows threatening ınformation on mobile banking user. In: 2018 3rd International Conference on Information Technology, Information System and Electrical Engineering (ICITISEE), 2018

10.

Mohsen, F., Shehab, M.: Android keylogging threat. In: Proceedings of the 9th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing, 2013

11.

Cho, J., Cho, G., Kim, H.: Keyboard or keylogger?: a security analysis of third-party keyboards on android. In: 2015 13th Annual Conference on Privacy, Security and Trust (PST), 2015

12.

Enck, W., et al.: TaintDroid. ACM Trans. Comput. Syst. 32(2), 1–29 (2014)CrossRef

13.

Nauman, M., Khan, S., Zhang, X.: Apex. In: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security—ASIACCS’10, 2010

14.

Pearce, P., Felt, A., Nunez, G., Wagner, D.: AdDroid. In: Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security—ASIACCS’12, 2012

15.

More, D.M.M., Nalawade, M.P.J.D.K.: Online banking and cyber attacks: the current scenario. Int. J. Adv. Res. Comput. Sci. Softw. Eng. Res. Paper, 2015

16.

Bhalaji, N.: Effıcıent and secure data utilization in mobıle edge computing by data replication. J. ISMAC 2(1), 1–12 (2020)

17.

Chen, D., Smys, S.: Social multimedia security and suspicious activity detection in SDN using hybrid deep learning technique, vol. 2, no. 2, pp. 108–115 (2020)

18.

Google Play|Android Developers: Android Developers, 2020 [Online]. https://developer.android.com/distribute/best-practices/develop/runtime-permissions

19.

Li, L., Bartel, A., Klein, J., Traon, Y.: Automatically exploiting potential component leaks in android applications. In: 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications, 2014

20.

Schartner, P., Bürger, S.: Attacking Android’s Intent Processing and First Steps Towards Protecting it. Technical Report TR-syssec-12-01, Universität Klagenfurt, 2012

21.

Wang, J., Wu, H.: Android Inter-App Communication Threats, Solutions, and Challenges. arXiv:1803.05039, 2018

22.

Baraniuk, C.: The rise of stalkerware. New Scientist 244(3257), 20–21 (2019)CrossRef

23.

RSAC: Reverse-Engineering an Android App in Five Minutes. PCMAG, 2020 [Online]. Available https://www.pcmag.com/news/rsac-reverse-engineering-an-android-app-in-five-minutes

24.

Keyboard|Android Developers: Android Developers, 2020 [Online]. https://developer.android.com/reference/android/inputmethodservice/Keyboard

25.

Google Play|Android Developers: Android Developers, 2020 [Online]. https://developer.android.com/distribute/best-practices/launch/launch-checklist

26.

Play.google.com, 2021 [Online]. https://play.google.com/store/apps/details?id=com.dbbl.mbs.apps.main&hl=en&gl=US

27.

Search Security: What is Advanced Encryption Standard (AES)? Definition from WhatIs.com, 2020 [Online]. https://searchsecurity.techtarget.com/definition/Advanced-Encryption-Standard

28.

Online Tool for AES Encryption and Decryption. devglan, 2020 [Online]. https://www.devglan.com/online-tools/aes-encryption-decryption

Titel: Keylogger Threat to the Android Mobile Banking Applications
verfasst von: Naziour Rahaman
Salauddin Rubel
Ahmed Al Marouf
Verlag: Springer Nature Singapore
Buch: Computer Networks and Inventive Communication Technologies
Print ISBN: 978-981-16-3727-8

Electronic ISBN: 978-981-16-3728-5

Copyright-Jahr: 2022
DOI: https://doi.org/10.1007/978-981-16-3728-5_12

Neuer Inhalt

Bildnachweise

VDI-Icon, Profil Icon, inhalt2, Springer Professional Modul/© Springer Fachmedien Wiesbaden GmbH, Nachhaltigkeitsaward Key Visual/© Cometis AG/Global ESG Monitor | Daniel Rupp | Generiert mit KI, Search Icon, Banner Hanser, Jonas Klose/© Pine Valley Capital GmbH, Carina Kießling von der Strategieberatung Roland Berger/© Monika Walther Fotografie | ATZ, Beijing Auto Show 2024: Deutsche Hersteller wollen angreifen./© EKH-Pictures / Generated with AI / Stock.adobe.com, Zeitschrift Wissensmanagement Cover, PatentFit-Logo/© Springer Fachmedien Wiesbaden GmbH, Zukunftswerkstatt Sales Excellence 2024/© AndreyPopov / Getty Images / iStock, 2023_Antrieb/© supervisuell, ATZ-Webinar: Prototypenfreie Entwicklung durch Offline- und Driver-in-the-Loop-HiL-Tests /© (c) VI-grade

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Neuer Inhalt

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.