naa a22 4500 510797334 CHVBK 20180411083341.0 cr unu---uuuuu 180411e20131201xx s 000 0 eng 10.1007/s11277-013-1258-x doi (NATIONALLICENCE)springer-10.1007/s11277-013-1258-x Repackaging Attack on Android Banking Applications and Its Countermeasures [Elektronische Daten] [Jin-Hyuk Jung, Ju Kim, Hyeong-Chan Lee, Jeong Yi] Although anyone can easily publish Android applications (or apps) in an app marketplace according to an open policy, decompiling the apps is also easy due to the structural characteristics of the app building process, making them very vulnerable to forgery or modification attacks. In particular, users may suffer direct financial loss if this vulnerability is exploited in security-critical private and business applications, such as online banking. In this paper, some of the major Android-based smartphone banking apps in Korea being distributed on either the Android Market or the third party market were tested to verify whether a money transfer could be made to an unintended recipient. The experimental results with real Android banking apps showed that an attack of this kind is possible without having to illegally obtain any of the sender's personal information, such as the senders public key certificate, the password to their bank account, or their security card. In addition, the cause of this vulnerability is analyzed and some technical countermeasures are discussed. The Author(s), 2013 Smartphone application vulnerability nationallicence Android app repackaging nationallicence Reverse engineering nationallicence Jung Jin-Hyuk School of Computer Science and Engineering, Soongsil University, Seoul, Korea aut Kim Ju School of Computer Science and Engineering, Soongsil University, Seoul, Korea aut Lee Hyeong-Chan School of Computer Science and Engineering, Soongsil University, Seoul, Korea aut Yi Jeong School of Computer Science and Engineering, Soongsil University, Seoul, Korea aut Wireless Personal Communications Springer US; http://www.springer-ny.com 73/4(2013-12-01), 1421-1437 0929-6212 73:4<1421 2013 73 11277 https://doi.org/10.1007/s11277-013-1258-x text/html Onlinezugriff via DOI 1 research-article jats NATIONALLICENCE 856 40 https://doi.org/10.1007/s11277-013-1258-x text/html Onlinezugriff via DOI NATIONALLICENCE 700 1- Jung Jin-Hyuk School of Computer Science and Engineering, Soongsil University, Seoul, Korea aut NATIONALLICENCE 700 1- Kim Ju School of Computer Science and Engineering, Soongsil University, Seoul, Korea aut NATIONALLICENCE 700 1- Lee Hyeong-Chan School of Computer Science and Engineering, Soongsil University, Seoul, Korea aut NATIONALLICENCE 700 1- Yi Jeong School of Computer Science and Engineering, Soongsil University, Seoul, Korea aut NATIONALLICENCE 773 0- Wireless Personal Communications Springer US; http://www.springer-ny.com 73/4(2013-12-01), 1421-1437 0929-6212 73:4<1421 2013 73 11277 Metadata rights reserved Springer special CC-BY-NC licence nationallicence BK010053 XK010053 XK010000 NATIONALLICENCE NATIONALLICENCE NL-springer