False Sense of Security: A Study on the Effectivity of Jailbreak Detection in Banking Apps
Author: | Micha Horlboge, Christian Wressnegger, Konrad Rieck, Ansgar Kellner |
---|---|
Year of publication: | 2019 |
Subject: | 021110 strategic defence & security studies; Authentication; Computer science; 0211 other engineering and technologies; 02 engineering and technology; Login; Computer security; computer.software_genre; Popularity; App store; 0202 electrical engineering electronic engineering information engineering; 020201 artificial intelligence & image processing; State (computer science); Mobile device; Database transaction; computer |
Source: | EuroS&P |
DOI: | 10.1109/eurosp.2019.00011 |
Description: | People increasingly rely on mobile devices for banking transactions or two-factor authentication (2FA) and thus trust in the security provided by the underlying operating system. Simultaneously, jailbreaks gain tremendous popularity among regular users for customizing their devices. In this paper, we show that both do not go well together: Jailbreaks remove vital security mechanisms, which are necessary to ensure a trusted environment that allows to protect sensitive data, such as login credentials and transaction numbers (TANs). We find that all but one banking app, available in the iOS App Store, can be fully compromised by trivial means without reverse-engineering, manipulating the app, or other sophisticated attacks. Even worse, 44% of the banking apps do not even try to detect jailbreaks, revealing the prevalent, errant trust in the operating system's security. This study assesses the current state of security of banking apps and pleads for more advanced defensive measures for protecting user data. |
Database: | OpenAIRE |
External link: |