CaptureMe: Attacking the User Credential in Mobile Banking Applications

Authors: Mohamed El-Serngawy, Chamseddine Talhi

DOI: 10.1109/TRUSTCOM-BIGDATASE-ISPA.2015.466

Keywords: Computer science, Optical character recognition, Financial institution, SMS banking, Malware, World Wide Web, Password, Mobile banking, Android (operating system), Credential, Computer security

Abstract: Recently, the wide use of smart devices (phones and tablets) encourage financial institution to consider mobile banking applications as a necessity service their clients. In this paper, we propose screenshot attack "CaptureMe" investigate security risks password visibility feature on Android platform with applications. CaptureMe used different known techniques take images applied highly efficient Optical Character Recognition (OCR) analysis using tesseract-ocr engine extract user credential from taken images. We also explore possible protection mechanisms against more than 130 exist in Google play store.

References (12)
Zhongwen Zhang, Yuewu Wang, Jiwu Jing, Qiongxiao Wang, Lingguang Lei. Once Root Always a Threat: Analyzing the Security Threats of Android Permission System. Information Security and Privacy, pp. 354-369 (2014). DOI: 10.1007/978-3-319-08344-5_23
Chia-Chi Lin, Hongyang Li, Xiaoyong Zhou, XiaoFeng Wang. Screenmilker: How to Milk Your Android Screen for Secrets. Network and Distributed System Security Symposium (2014). DOI: 10.14722/NDSS.2014.23049
R. Smith. An Overview of the Tesseract OCR Engine. International Conference on Document Analysis and Recognition, vol. 2, pp. 629-633 (2007). DOI: 10.1109/ICDAR.2007.4376991
Federico Maggi, Alberto Volpatto, Simone Gasparini, Giacomo Boracchi, Stefano Zanero. A fast eavesdropping attack against touchscreens. Information Assurance and Security, pp. 320-325 (2011). DOI: 10.1109/ISIAS.2011.6122840
Florian Schaub, Ruben Deyhle, Michael Weber. Password entry usability and shoulder surfing susceptibility on different smartphone platforms. Mobile and Ubiquitous Multimedia, pp. 13- (2012). DOI: 10.1145/2406367.2406384
Xavier de Carné de Carnavalet, Mohammad Mannan. From Very Weak to Very Strong: Analyzing Password-Strength Meters. Network and Distributed System Security Symposium (2014). DOI: 10.14722/NDSS.2014.23268
Yuru Shao, Xiapu Luo, Chenxiong Qian. RootGuard: Protecting Rooted Android Phones. IEEE Computer, vol. 47, pp. 32-40 (2014). DOI: 10.1109/MC.2014.163
Rahul Raguram, Andrew M. White, Dibyendusekhar Goswami, Fabian Monrose, Jan-Michael Frahm. iSpy. Proceedings of the 18th ACM conference on Computer and communications security - CCS '11, pp. 527-536 (2011). DOI: 10.1145/2046707.2046769
Ray Smith, Daria Antonova, Dar-Shyang Lee. Adapting the Tesseract open source OCR engine for multilingual OCR. Proceedings of the International Workshop on Multilingual OCR - MOCR '09, pp. 1- (2009). DOI: 10.1145/1577802.1577804
Janis Danisevskis, Tobias Fiebig, Marta Piekarska. A metric for the evaluation and comparison of keylogger performance. CSET'14 Proceedings of the 7th USENIX conference on Cyber Security Experimentation and Test, pp. 7-7 (2014)