Mobile Session Fixation Attack in Micropayment Systems
The rapid spread of micropayment systems, together with some peculiarity of their typical use, have attracted computer criminals and dishonest companies aiming at exploiting the systems' weaknesses to steal from users both personal data and money. This paper considers and analyzes some security...
Main Authors: | , , , |
---|---|
Format: | Article |
Language: | English |
Published: |
IEEE
2019-01-01
|
Series: | IEEE Access |
Subjects: | |
Online Access: | https://ieeexplore.ieee.org/document/8673952/ |
id |
doaj-1db12caa1498419aba5958d2bdf61d42 |
---|---|
record_format |
Article |
spelling |
doaj-1db12caa1498419aba5958d2bdf61d422021-04-05T17:01:41ZengIEEEIEEE Access2169-35362019-01-017415764158310.1109/ACCESS.2019.29052198673952Mobile Session Fixation Attack in Micropayment SystemsF. Tommasi0https://orcid.org/0000-0003-2419-7381C. Catalano1M. Fornaro2I. Taurino3Department of Innovation Engineering, University of Salento, Lecce, ItalyDepartment of Innovation Engineering, University of Salento, Lecce, ItalyDepartment of Innovation Engineering, University of Salento, Lecce, ItalyDepartment of Innovation Engineering, University of Salento, Lecce, ItalyThe rapid spread of micropayment systems, together with some peculiarity of their typical use, have attracted computer criminals and dishonest companies aiming at exploiting the systems' weaknesses to steal from users both personal data and money. This paper considers and analyzes some security risks associated with a particular form of micropayment, operator centric micropayment (OCM). A new technique of attack, aimed at an OCM system used by millions of users and named mobile session fixation, is described. By its use, a criminal can obtain the payer's phone number and even arrange the theft of some money. The paper proposes possible countermeasures and further hints for potential threats which might be the subject of analysis.https://ieeexplore.ieee.org/document/8673952/Mobile session fixationmicropayment attackmicropayment securitymobile payment systemsoperator centric micropayments risks threats |
collection |
DOAJ |
language |
English |
format |
Article |
sources |
DOAJ |
author |
F. Tommasi C. Catalano M. Fornaro I. Taurino |
spellingShingle |
F. Tommasi C. Catalano M. Fornaro I. Taurino Mobile Session Fixation Attack in Micropayment Systems IEEE Access Mobile session fixation micropayment attack micropayment security mobile payment systems operator centric micropayments risks threats |
author_facet |
F. Tommasi C. Catalano M. Fornaro I. Taurino |
author_sort |
F. Tommasi |
title |
Mobile Session Fixation Attack in Micropayment Systems |
title_short |
Mobile Session Fixation Attack in Micropayment Systems |
title_full |
Mobile Session Fixation Attack in Micropayment Systems |
title_fullStr |
Mobile Session Fixation Attack in Micropayment Systems |
title_full_unstemmed |
Mobile Session Fixation Attack in Micropayment Systems |
title_sort |
mobile session fixation attack in micropayment systems |
publisher |
IEEE |
series |
IEEE Access |
issn |
2169-3536 |
publishDate |
2019-01-01 |
description |
The rapid spread of micropayment systems, together with some peculiarity of their typical use, have attracted computer criminals and dishonest companies aiming at exploiting the systems' weaknesses to steal from users both personal data and money. This paper considers and analyzes some security risks associated with a particular form of micropayment, operator centric micropayment (OCM). A new technique of attack, aimed at an OCM system used by millions of users and named mobile session fixation, is described. By its use, a criminal can obtain the payer's phone number and even arrange the theft of some money. The paper proposes possible countermeasures and further hints for potential threats which might be the subject of analysis. |
topic |
Mobile session fixation micropayment attack micropayment security mobile payment systems operator centric micropayments risks threats |
url |
https://ieeexplore.ieee.org/document/8673952/ |
work_keys_str_mv |
AT ftommasi mobilesessionfixationattackinmicropaymentsystems AT ccatalano mobilesessionfixationattackinmicropaymentsystems AT mfornaro mobilesessionfixationattackinmicropaymentsystems AT itaurino mobilesessionfixationattackinmicropaymentsystems |
_version_ |
1721540448041828352 |