What are the types of attacks on mobile banking clients?

M

Macbet2016-03-21 13:10:58

Software testing

Macbet, 2016-03-21 13:10:58

Hello, there was a task to test a mobile banking application, I am an engineer with experience, but before that I tested simple mobile applications and websites, please tell me what documentation to read in this direction and in general what is the range of attacks on mobile banks? (documentation language English/Russian)

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

I

Ivan, 2016-03-21
@Macbet

You will not be able to completely secure the mobile client (if it is for android).
Vaughn, the savings bank of the Kaspersky SDK had a protective one built in and it didn’t help :)
If they want to get it, they’ll get anything (now there are packages that root the phone and there will be no way to protect yourself from this), the protection mechanisms will reverse and decrypt the keys. SMS verification will also cost.
It is also possible to phish over the bank application when it is launched by the user (detection by package name).
Phishing is possible through the accessibility service.
Or are you interested in something very specific?