A Study on Method for Bypassing Verification Function by Manipulating Return Value of Android Payment Application's Security Solution
You, Jaewook (Gachon University); Han, Mijeong (Chosun University); Kim, Kyuheon (Korea University); Jang, Junyoung (Korea University); Jin, Hoyong (Sejong University); Ji, Hanbyeol (Seoul National University of Science and Technology); Shin, Jeonghoon (THEORI); Kim, Kyounggon (Center for Information Security Technologies (CIST), Korea University)
1 | Jin-Hyuk Jung, Ju Young Kim, Hyeong-Chan Lee, and Jeong Hyun Yi, "Repackaging Attack on Android Banking Applications and Its Countermeasures," Wireless Personal Communications, Vol. 73, Issue 4, pp. 1421-1437, Dec. 2013
2 | Hyunjo Kim and Jin-Young Choi, "Research on Secure Coding and Weakness for Implementation of Android-based Dynamic Class Loading," Journal of Korea Multimedia Society, 19(10), pp. 1792-1807, Oct. 2016
3 | Jeong-min Kim, "A study on the vulnerability strengthening of android banking app using dynamic key value," Master's Thesis, Hannam University, Feb. 2017
4 | Chanhee Lee, Yoon-Sik Jeong, and Seong-Je Cho, "A Method to Protect Android Applications against Reverse Engineering," Journal of Security Engineering, 10(1), pp. 41-50, Feb. 2013
5 | Hyung-Woo Lee, "Android based Mobile Device Rooting Attack Detection and Response Mechanism using Events Extracted from Daemon Processes," Journal of The Korea Institute of Information Security & Cryptology, 23(3), pp. 479-490, Jun. 2013
6 | Taehun Kim, Hyeonmin Ha, Seoyoon Choi, Jaeyeon Jung, and Byung-Gon Chun, "Breaking Ad-hoc Runtime Integrity Protection Mechanisms in Android Financial Apps," Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, pp. 179-192, Apr. 2017
7 | JEB decompiler software, "JEB", https://www.pnfsoftware.com/, Oct. 2017
8 | A tool for reverse engineering Android apk open source, "apktool", https://github.com/iBotPeaches/Apktool, Oct. 2017
9 | Kyounggon Kim, "Countermeasure of e-payment app security solution problem," The Korea Contents Association, 16(2), pp. 14-19, Jun. 2018
10 | Kyuheon Kim, Mijeong Han, Jaewook You, Junyoung Jang, Hoyong Jin, Hanbyeol Ji, Kyounggon Kim, and Jeonghoon Shin, "A Study on Countermeasure for Bypassing Android Security Solution through Manipulating Return Value," Proceedings of the Korea Institutes of Information Security and Cryptology Conference, Dec. 2017
11 | Tim Strazzere, "Dex Education: Practicing Safe Dex," Blackhat USA 2012, Jul. 2012
12 | Financial Security Institute, "E-Finance And Financial Security," Financial Security Institute, 1(15), pp. 67-98, Jul. 2015
13 | Timothy W. Martin, "North Korea's Army of Hackers Has a New Target: Bank Accounts," The Wall Street Journal, Jul. 2017
14 | "Survey on Mobile Payment Service (Fintech1)," Korea Consumer Agency, pp. 1-2, May 2016
15 | "Payment trend in the first half of 2017," The Bank of Korea, pp. 2, Sep. 2017
16 | "State of Security in the App Economy: Mobile Apps Under Attack," ARXAN, Vol. 1, Research Report, Aug. 2012
17 | Kyounggon Kim, "Study on Security Diagnosis Method for Android Mobile App," Master's Thesis, Korea University, Feb. 2015
18 | "HPE Security Research - Cyber Risk Report 2016," Hewlett Packard Enterprise, pp. 42, Feb. 2016
19 | Heesok Seo, "Status of Legal Regulations on Electronic Payments in Korea," Journal of Consumer Law, 2(2), pp. 155-176, Sep. 2016
20 | Woojin Lee and Kyungho Lee, "A Study on the Vulnerability of Using Intermediate Language in Android: Bypassing Security Check Point in Android-Based Banking Applications," Journal of The Korea Institute of Information Security & Cryptology, 27(3), pp. 549-562, Jun. 2017
21 | Soonil Kim, Sunghoon Kim, and Dong Hoon Lee, "A study on the vulnerability of integrity verification functions of android-based smartphone banking applications," Journal of The Korea Institute of Information Security & Cryptology, 23(4), pp. 743-755, Aug. 2013