Cybersecurity in banking and financial sector: Security analysis of a mobile banking application

The goal of providing a totally secure mobile based internet banking environment continues to be a moving target exacerbated by the free and readily available flow of information on the Internet at the disposal of would be attackers. As new security measures are devised, new attack vectors are developed to thwart these measures. A trusted device segregated from the Internet and potential malware seems like a simple, straight-forward solution. With the rapid development of smart phones and the plethora of smart phone applications becoming developed, the lines between the cellular network and the internet are being blurred, rendering the phone a not-so-trusted device. In this paper we show how existing smart phone banking applications can be tampered to capture user information and password.