OpenSSL vulnerabilities in mobile banking applications
Date
2017
Authors
Muriuki, Paul William
Journal Title
Journal ISSN
Volume Title
Publisher
Strathmore University
Abstract
Mobile banking has taken Kenya by storm. It is an easy and convenient banking channel in your hands. It is accessible from anywhere provided you have an internet connection or connectivity to your mobile network provider. Banks and other financial institutions have seen the numerous benefits of providing mobile banking services to their customers and each one is rushing to deploy their own mobile banking solution in an attempt to gain a competitive edge over their competitors. But as with new inventions, particularly those aimed at people’s finances, existing and potential clients of these institutions are worried as to how safe their transactions are. This is especially so since they are effected from remote locations and through their mobile devices. Questions are being asked concerning how secure mobile banking is and how safe personal information is while being transmitted from mobile devices to banks. This study seeks to understand the architecture of mobile banking solutions and identify potential areas of vulnerability in the systems deployed. It further seeks to look at how secure the deployed OpenSSL third party libraries are. Third party OpenSSL libraries are used extensively to secure data in transmission. The study, by leveraging the software development life cycle’s Agile development methodology, proposes to provide a tool that can be used by financial institutions to test banking applications developed for mobile devices before deploying them to the market. This will ensure that only secure systems are deployed. The results of this study will show the importance of proper testing before application deployment.
Description
Thesis submitted in partial fulfillment of the requirements for the Degree of Master of Science in Information Systems Security (MSc.ISS) at Strathmore University
Keywords
Mobile Applications, Mobile Banking, OpenSSL, Third Party Libraries, Financial Institutions