Comparative Vulnerability Analysis of Thai and Non-Thai Mobile Banking Applications

Author:

Titiakarawongse Chatphat¹, Taksin Sasiyaporn¹, Ruangsawat Jidapa¹, Deeduangpan Kunthida¹, Boonkrong Sirapat¹

Affiliation:

1. Institute of Digital Arts and Science, Suranaree University of Technology, Nakhon Ratchasima 30000, Thailand

Abstract

The rapid adoption of mobile banking applications has raised significant concerns about their security vulnerabilities. This study presents a comparative vulnerability analysis of mobile banking applications from Thai and non-Thai banks, utilising the OWASP Mobile Top 10 framework. Nine mobile banking applications (five Thai and four non-Thai) were assessed using three vulnerability detection tools: AndroBugs, MobSF, and QARK. The results showed that both Thai and non-Thai mobile banking applications had vulnerabilities across multiple OWASP Mobile Top 10 categories, with reverse engineering, code tampering, and insufficient cryptography being the most common. Statistical analysis revealed that Thai banking applications exhibited significantly more vulnerabilities compared to non-Thai banking applications. In the context of vulnerability detection tools, AndroBugs and QARK proved more effective in detecting vulnerabilities compared to MobSF. Additionally, the study highlights critical security challenges in mobile banking applications, particularly for Thai banks, and emphasises the need for enhanced security measures. The findings also show the importance of using multiple assessment tools for comprehensive security evaluation and suggest potential areas for improvement in mobile banking applications.

Publisher

MDPI AG

