Security analysis of third-party in-app payment in mobile applications

Authors: Wenbo Yang, Juanru Li, Yuanyuan Zhang, Dawu Gu

DOI: 10.1016/J.JISA.2019.102358

Keywords:

Abstract: … vulnerable apps based on the result of detection and then exploit their security flaws to prove the validity … We have implemented a Frida script to tamper with the amount of money to only one …

References (26)
Adam Bates, Kevin R. B. Butler, Bradley Reaves, Patrick Traynor, Nolen Scaife. Mo(bile) money, mo(bile) problems: analysis of branchless banking applications in the developing world. USENIX Security Symposium, pp. 17-32 (2015).
Dimitrios Damopoulos, Georgios Kambourakis, Georgios Portokalidis. The best of both worlds: a framework for the synergistic operation of host and cloud anomaly-based IDS for smartphones. European Workshop on System Security, pp. 6- (2014). DOI: 10.1145/2592791.2592797
Manuel Egele, David Brumley, Yanick Fratantonio, Christopher Kruegel. An empirical study of cryptographic misuse in Android applications. Computer and Communications Security, pp. 73-84 (2013). DOI: 10.1145/2508859.2516693
Eric Y. Chen, Yutong Pei, Shuo Chen, Yuan Tian, Robert Kotcher, Patrick Tague. OAuth Demystified for Mobile Application Developers. Computer and Communications Security, pp. 892-903 (2014). DOI: 10.1145/2660267.2660323
David Sounthiraraj, Justin Sahs, Garrett Greenwood, Zhiqiang Lin, Latifur Khan. SMV-HUNTER: Large Scale, Automated Detection of SSL/TLS Man-in-the-Middle Vulnerabilities in Android Apps. Network and Distributed System Security Symposium (2014). DOI: 10.14722/NDSS.2014.23205
Fangqi Sun, Liang Xu, Zhendong Su. Detecting Logic Vulnerabilities in E-commerce Applications. Network and Distributed System Security Symposium (2014). DOI: 10.14722/NDSS.2014.23351
Yajin Zhou, Lei Wu, Zhi Wang, Xuxian Jiang. Harvesting developer credentials in Android apps. Wireless Network Security, pp. 23- (2015). DOI: 10.1145/2766498.2766499
Sascha Fahl, Marian Harbach, Thomas Muders, Matthew Smith, Lars Baumgärtner, Bernd Freisleben. Why Eve and Mallory love Android. Proceedings of the 2012 ACM Conference on Computer and Communications Security - CCS '12, pp. 50-61 (2012). DOI: 10.1145/2382196.2382205
Collin Mulliner, William Robertson, Engin Kirda. VirtualSwindle: an automated attack against in-app billing on Android. Computer and Communications Security, pp. 459-470 (2014). DOI: 10.1145/2590296.2590335
Shaz Qadeer, Shuo Chen, Yuri Gurevich, Yuchen Zhou, Rui Wang, David Evans. Explicating SDKs: uncovering assumptions underlying secure authentication and authorization. USENIX Security Symposium, pp. 399-414 (2013).