The rapid spread of micropayment systems, together with some peculiarity of their typical use, have attracted computer criminals and dishonest companies aiming at exploiting the systems' weaknesses to steal from users both personal data and money. This paper considers and analyzes some security risks associated with a particular form of micropayment, operator centric micropayment (OCM). A new technique of attack, aimed at an OCM system used by millions of users and named mobile session fixation, is described. By its use, a criminal can obtain the payer's phone number and even arrange the theft of some money. The paper proposes possible countermeasures and further hints for potential threats which might be the subject of analysis. INDEX TERMS Mobile session fixation, micropayment attack, micropayment security, mobile payment systems, operator centric micropayments risks threats.
The introduction of new memory-based crypto-mining techniques and the rise of new web technologies like WebAssembly, made the use of browsers for crypto-currencies mining more and more convenient and popular. That, in turn, originated a new form of computer piracy, called cryptojacking, which is rapidly gaining ground on the web. A cryptojacking site exploits its visitors’ hardware resources to secretly mine crypto-currencies. This paper analyzes current web-based cryptojacking detection methods in order to propose a novel hybrid strategy. Current detection methods are found to require either considerable computer administration skills or execution privileges usually not available to common users. In this view, a method, named MinerAlert, has been designed and proposed, aiming at detecting in real-time sites performing cryptojacking. To address the limitations of current methods, the method implementation has been achieved through a browser extension. The present paper describes the method’s details and its implementation. It also reports the experimental results of its utilization, showing its positive performances in terms of ease of use, successful detections and speed.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.