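Security Analysis of iOS In-App Purchases

Cite this article: Luo Cheng, Wu Yue. Security Analysis of iOS In-App Purchases [J]. 电信网技术 (Telecommunications Network Technology), 2013(11): 20-22.

Authors: Luo Cheng (罗成), Wu Yue (武玥)

Affiliations: [1] China Academy of Telecommunication Research, Ministry of Industry and Information Technology; [2] Internet Society of China

Abstract: In-app purchase is an important way for developers to earn revenue. However, because developers do not effectively validate transactions in their implementations, attackers can obtain in-app purchases for free through two classes of attack, control-flow hijacking and session hijacking, which causes great harm to developers' interests. Taking in-app purchase on the iOS platform as the object of study, this paper introduces its payment flow, analyzes the security problems in the payment process and the attack methods that currently exist, and finally summarizes approaches to defending against in-app purchase attacks.

Keywords: iOS; in-app purchase; security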
An Analysis of Vulnerability in iOS In-App Purchases

Abstract: In-App Purchase (IAP) has become an important profit model for iOS developers. However, a large number of iOS applications containing IAP functionality fail to perform sufficient verification on IAP transactions. By forging a transaction response, attackers can cheat the application and obtain digital content in the in-app store without paying. In this paper, we introduce the procedure of In-App Purchases, analyze the security features of IAP, and summarize the defensive methods against IAP attacks.

Keywords: iOS application of payment safety
This article has been indexed by 维普 (VIP) and other databases.