Threats and Vulnerabilities of Mobile Applications

Background

Based on the research, the chapter shows that the major attacks are phishing attacks, attacks based on the use of phone cameras, and a screenshot attack “capture me”. By this threat of the mobile application, the user credentials are stolen by an attacker. Several recent works have studied the issue of obtaining private information on smartphones using multimedia devices such as microphones and cameras if the camera is affected by malicious software. Moreover, most of the users have the impression that smartphones are just the phones installed with a variety of software and don't think of them as handheld computers that are more vulnerable to cyber-attacks. A recent survey reported that 267,259 malware-infected apps have been found, among which 254,158 reside on the Android platform (Daojing, 2015). It also suggested that the number of malware in apps has increased by 614% since 2012. The wide use of smart devices (phones and tablets) encourage the financial institution to consider mobile banking applications as a necessary service to their clients. This issue should be addressed by both preventive approaches and effective detection techniques. For preventing, the application developer should ensure this app by policies governing secure coding and privacy, which do not access any unnecessary information. Then the App market administrator should strictly verify every uploaded application and remove the suspicious app. Detecting techniques are based on signature-based or anomaly-based. In signature-based, the malware is identified by comparing the signatures with the known signature, and in anomaly-based, the normal behavior of the system is monitored and it checks for deviations from the normal behavior.