Security Assessment of Mobile Banking Apps in West African Economic and Monetary Union
- URL: http://arxiv.org/abs/2411.04068v1
- Date: Wed, 06 Nov 2024 17:43:31 GMT
- Title: Security Assessment of Mobile Banking Apps in West African Economic and Monetary Union
- Authors: Alioune Diallo, Aicha War, Moustapha Awwalou Diouf, Jordan Samhi, Steven Arzt, Tegawendé F. Bissyandé, Jacques Klein
- Abstract summary: Poorly implemented security measures during app development can expose users and financial institutions to substantial financial risks.
Our study evaluated fifty-nine WAEMU MBAs using static analysis techniques.
We identified security-related code issues that could be exploited by malicious actors.
- Score: 6.535157270216916
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: The West African Economic and Monetary Union (WAEMU) states, characterized by widespread smartphone usage, have witnessed banks and financial institutions introducing mobile banking applications (MBAs). These apps empower users to perform transactions such as money transfers, bill payments, and account inquiries anytime, anywhere. However, this proliferation of MBAs also raises significant security concerns. Poorly implemented security measures during app development can expose users and financial institutions to substantial financial risks through increased vulnerability to cyberattacks. Our study evaluated fifty-nine WAEMU MBAs using static analysis techniques. These MBAs were collected from the 160 banks and financial institutions of the eight WAEMU countries listed on the Central Bank of West African States (BCEAO) website. We identified security-related code issues that could be exploited by malicious actors. We investigated the issues found in the older versions to track their evolution across updates. Additionally, we identified some banks from regions such as Europe, the United States, and other developing countries and analyzed their mobile apps for a security comparison with WAEMU MBAs. Key findings include: (1) WAEMU apps exhibit security issues introduced during development, posing significant risks of exploitation; (2) Despite frequent updates, underlying security issues often persist; (3) Compared to MBAs from developed and developing countries, WAEMU apps exhibit fewer critical security issues; and (4) Apps from banks that are branches of other non-WAEMU banks often inherit security concerns from their parent apps while also introducing additional issues unique to their context. Our research underscores the need for robust security practices in WAEMU MBAs development to enhance user safety and trust in financial services.
Related papers
- Llama-3.1-FoundationAI-SecurityLLM-Base-8B Technical Report [50.268821168513654]
We present Foundation-Sec-8B, a cybersecurity-focused large language model (LLM) built on the Llama 3.1 architecture.
We evaluate it across both established and new cybersecurity benchmarks, showing that it matches Llama 3.1-70B and GPT-4o-mini in certain cybersecurity-specific tasks.
By releasing our model to the public, we aim to accelerate progress and adoption of AI-driven tools in both public and private cybersecurity contexts.
arXiv Detail & Related papers (2025-04-28T08:41:12Z)
- SafeMLRM: Demystifying Safety in Multi-modal Large Reasoning Models [50.34706204154244]
Acquiring reasoning capabilities catastrophically degrades inherited safety alignment.
Certain scenarios suffer 25 times higher attack rates.
Despite tight reasoning-answer safety coupling, MLRMs demonstrate nascent self-correction.
arXiv Detail & Related papers (2025-04-09T06:53:23Z)
- Towards Trustworthy GUI Agents: A Survey [64.6445117343499]
This survey examines the trustworthiness of GUI agents in five critical dimensions.
We identify major challenges such as vulnerability to adversarial attacks, cascading failure modes in sequential decision-making.
As GUI agents become more widespread, establishing robust safety standards and responsible development practices is essential.
arXiv Detail & Related papers (2025-03-30T13:26:00Z)
- Assessing the influence of cybersecurity threats and risks on the adoption and growth of digital banking: a systematic literature review [0.0]
This study examines the influence of cybersecurity threats on digital banking security, adoption, and regulatory compliance.
It critically evaluates the most prevalent cyber threats targeting digital banking platforms, the effectiveness of modern security measures, and the role of regulatory frameworks in mitigating financial cybersecurity risks.
arXiv Detail & Related papers (2025-03-23T03:14:45Z)
- Agent-SafetyBench: Evaluating the Safety of LLM Agents [72.92604341646691]
We introduce Agent-SafetyBench, a comprehensive benchmark to evaluate the safety of large language models (LLMs).
Agent-SafetyBench encompasses 349 interaction environments and 2,000 test cases, evaluating 8 categories of safety risks and covering 10 common failure modes frequently encountered in unsafe interactions.
Our evaluation of 16 popular LLM agents reveals a concerning result: none of the agents achieves a safety score above 60%.
arXiv Detail & Related papers (2024-12-19T02:35:15Z)
- Global Challenge for Safe and Secure LLMs Track 1 [57.08717321907755]
The Global Challenge for Safe and Secure Large Language Models (LLMs) is a pioneering initiative organized by AI Singapore (AISG) and the CyberSG R&D Programme Office (CRPO).
This paper introduces the Global Challenge for Safe and Secure Large Language Models (LLMs), a pioneering initiative organized by AI Singapore (AISG) and the CyberSG R&D Programme Office (CRPO) to foster the development of advanced defense mechanisms against automated jailbreaking attacks.
arXiv Detail & Related papers (2024-11-21T08:20:31Z)
- Defining and Evaluating Physical Safety for Large Language Models [62.4971588282174]
Large Language Models (LLMs) are increasingly used to control robotic systems such as drones.
Their risks of causing physical threats and harm in real-world applications remain unexplored.
We classify the physical safety risks of drones into four categories: (1) human-targeted threats, (2) object-targeted threats, (3) infrastructure attacks, and (4) regulatory violations.
arXiv Detail & Related papers (2024-11-04T17:41:25Z)
- A Developer-Centric Study Exploring Mobile Application Security Practices and Challenges [10.342268145364242]
This study explores the common practices and challenges that developers face in securing their apps.
Our findings show that developers place high importance on security, frequently implementing features such as authentication and secure storage.
We envision our findings leading to improved security practices, better-designed tools and resources, and more effective training programs.
arXiv Detail & Related papers (2024-08-16T22:03:06Z)
- Rethinking the Vulnerabilities of Face Recognition Systems: From a Practical Perspective [53.24281798458074]
Face Recognition Systems (FRS) have increasingly integrated into critical applications, including surveillance and user authentication.
Recent studies have revealed vulnerabilities in FRS to adversarial (e.g., adversarial patch attacks) and backdoor attacks (e.g., training data poisoning).
arXiv Detail & Related papers (2024-05-21T13:34:23Z)
- The WMDP Benchmark: Measuring and Reducing Malicious Use With Unlearning [87.1610740406279]
The White House Executive Order on Artificial Intelligence highlights the risks of large language models (LLMs) empowering malicious actors in developing biological, cyber, and chemical weapons.
Current evaluations are private, preventing further research into mitigating risk.
We publicly release the Weapons of Mass Destruction Proxy benchmark, a dataset of 3,668 multiple-choice questions.
arXiv Detail & Related papers (2024-03-05T18:59:35Z)
- A Comprehensive Study of Governance Issues in Decentralized Finance Applications [45.033994319846244]
We present a comprehensive study of governance issues in DeFi applications.
We collect and build a dataset of 4,446 audit reports from 17 Web3 security companies.
Our findings highlight a significant observation: the disparity between smart contract code and DeFi whitepapers plays a central role in these governance issues.
arXiv Detail & Related papers (2023-11-02T17:46:59Z)
- Safety Assessment of Chinese Large Language Models [51.83369778259149]
Large language models (LLMs) may generate insulting and discriminatory content, reflect incorrect social values, and may be used for malicious purposes.
To promote the deployment of safe, responsible, and ethical AI, we release SafetyPrompts including 100k augmented prompts and responses by LLMs.
arXiv Detail & Related papers (2023-04-20T16:27:35Z)
- Smart Contract and DeFi Security Tools: Do They Meet the Needs of Practitioners? [10.771021805354911]
Attacks targeting smart contracts are increasing, causing an estimated $6.45 billion in financial losses.
We aim to shed light on the effectiveness of automated security tools in identifying vulnerabilities that can lead to high-profile attacks.
Our findings reveal a stark reality: the tools could have prevented a mere 8% of the attacks in our dataset, amounting to $149 million out of the $2.3 billion in losses.
arXiv Detail & Related papers (2023-04-06T10:27:19Z)
- Do Software Security Practices Yield Fewer Vulnerabilities? [6.6840472845873276]
The goal of this study is to assist practitioners and researchers making informed decisions on which security practices to adopt.
Four security practices were the most important practices influencing vulnerability count.
The number of reported vulnerabilities increased rather than reduced as the aggregate security score of the packages increased.
arXiv Detail & Related papers (2022-10-20T20:04:02Z)
- Measuring User Perceived Security of Mobile Banking Applications [0.8122270502556371]
This study was conducted to measure user-perceived security of M-Banking Apps.
Perceived security, institutional trust and technology trust were confirmed as factors that affect user's intention to adopt and use M-Banking Apps.
arXiv Detail & Related papers (2022-01-09T16:45:30Z)
- SeMA: Extending and Analyzing Storyboards to Develop Secure Android Apps [0.0]
SeMA is a mobile app development methodology that builds on existing mobile app design artifacts such as storyboards.
An evaluation of the effectiveness of SeMA shows the methodology can detect and help prevent 49 vulnerabilities known to occur in Android apps.
arXiv Detail & Related papers (2020-01-27T20:10:52Z)
This list is automatically generated from the titles and abstracts of the papers in this site.