http://dx.doi.org/10.7472/jksii.2013.14.3.15

An Analysis on the Vulnerability of Secure Keypads for Mobile Devices  

Lee, Yunho (Dept. of Cyber Security & Police, Gwangju University)
Publication Information
Journal of Internet Computing and Services / v.14, no.3, 2013, pp. 15-21
Abstract
With the widespread adoption of mobile platforms such as smartphones and tablets, financial and e-commerce transactions on these platforms are growing rapidly. Unlike PCs, almost no mobile platforms provide physical keyboards or mice; instead, they provide virtual keypads on touchscreens. For this reason, an attacker attempts to obtain the coordinates of touches on the virtual keypad in order to recover the actual key values. To address this vulnerability, financial applications for mobile platforms use secure keypads, which change the position of each key displayed on the virtual keypad. However, these secure keypads cannot protect users' private information more securely than ordinary virtual keypads, because each key has only 2 or 3 possible positions and, moreover, the probability distribution over those positions is not uniform. In this paper, we analyze the secure keypads used by most financial mobile applications, point out the limitation of the previous research, and then propose a more general and accurate attack method on the secure keypads.
Keywords
Mobile Security; Secure Keypads; Personal Information; Keylogger;
Citations & Related Records
Times Cited By KSCI: 1