Comparative Vulnerability Analysis of Thai and Non-Thai Mobile Banking Applications

Author: Chatphat Titiakarawongse, Sasiyaporn Taksin, Jidapa Ruangsawat, Kunthida Deeduangpan, Sirapat Boonkrong
Language: English
Year of publication: 2024
Subject:
Source: Journal of Cybersecurity and Privacy, Vol 4, Iss 3, Pp 650-662 (2024)
Document type: article
ISSN: 2624-800X
DOI: 10.3390/jcp4030031
Description: The rapid adoption of mobile banking applications has raised significant concerns about their security vulnerabilities. This study presents a comparative vulnerability analysis of mobile banking applications from Thai and non-Thai banks, utilising the OWASP Mobile Top 10 framework. Nine mobile banking applications (five Thai and four non-Thai) were assessed using three vulnerability detection tools: AndroBugs, MobSF, and QARK. The results showed that both Thai and non-Thai mobile banking applications had vulnerabilities across multiple OWASP Mobile Top 10 categories, with reverse engineering, code tampering, and insufficient cryptography being the most common. Statistical analysis revealed that Thai banking applications exhibited significantly more vulnerabilities compared to non-Thai banking applications. In the context of vulnerability detection tools, AndroBugs and QARK proved more effective in detecting vulnerabilities compared to MobSF. Additionally, the study highlights critical security challenges in mobile banking applications, particularly for Thai banks, and emphasises the need for enhanced security measures. The findings also show the importance of using multiple assessment tools for comprehensive security evaluation and suggest potential areas for improvement in mobile banking applications.
Database: Directory of Open Access Journals