{"id":"https://openalex.org/W4385073903","doi":"https://doi.org/10.1007/s11276-023-03455-w","title":"App-based detection of vulnerable implementations of OTP SMS APIs in the banking sector","display_name":"App-based detection of vulnerable implementations of OTP SMS APIs in the banking sector","publication_year":2023,"publication_date":"2023-07-22","ids":{"openalex":"https://openalex.org/W4385073903","doi":"https://doi.org/10.1007/s11276-023-03455-w"},"language":"en","primary_location":{"id":"doi:10.1007/s11276-023-03455-w","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s11276-023-03455-w","pdf_url":"https://link.springer.com/content/pdf/10.1007/s11276-023-03455-w.pdf","source":{"id":"https://openalex.org/S205498627","display_name":"Wireless Networks","issn_l":"1022-0038","issn":["1022-0038","1572-8196"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Wireless Networks","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://link.springer.com/content/pdf/10.1007/s11276-023-03455-w.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5051194194","display_name":"Amador Aparicio","orcid":"https://orcid.org/0000-0003-2546-9246"},"institutions":[{"id":"https://openalex.org/I108103353","display_name":"Universidad de Valladolid","ror":"https://ror.org/01fvbaw18","country_code":"ES","type":"education","lineage":["https://openalex.org/I108103353"]}],"countries":["ES"],"is_corresponding":true,"raw_author_name":"Amador Aparicio","raw_affiliation_strings":["Departamento de Inform\u00e1tica, Universidad de Valladolid, P.o de Bel\u00e9n, 15, 47011, Valladolid, Spain"],"raw_orcid":"https://orcid.org/0000-0003-2546-9246","affiliations":[{"raw_affiliation_string":"Departamento de Inform\u00e1tica, Universidad de Valladolid, P.o de Bel\u00e9n, 15, 47011, Valladolid, Spain","institution_ids":["https://openalex.org/I108103353"]}]},{"author_position":"middle","author":{"id":null,"display_name":"M. Mercedes Mart\u00ednez-Gonz\u00e1lez","orcid":null},"institutions":[{"id":"https://openalex.org/I108103353","display_name":"Universidad de Valladolid","ror":"https://ror.org/01fvbaw18","country_code":"ES","type":"education","lineage":["https://openalex.org/I108103353"]}],"countries":["ES"],"is_corresponding":false,"raw_author_name":"M. Mercedes Mart\u00ednez-Gonz\u00e1lez","raw_affiliation_strings":["Departamento de Inform\u00e1tica, Universidad de Valladolid, P.o de Bel\u00e9n, 15, 47011, Valladolid, Spain"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Departamento de Inform\u00e1tica, Universidad de Valladolid, P.o de Bel\u00e9n, 15, 47011, Valladolid, Spain","institution_ids":["https://openalex.org/I108103353"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5053555806","display_name":"Valent\u00edn Carde\u00f1oso-Payo","orcid":"https://orcid.org/0000-0003-1460-158X"},"institutions":[{"id":"https://openalex.org/I108103353","display_name":"Universidad de Valladolid","ror":"https://ror.org/01fvbaw18","country_code":"ES","type":"education","lineage":["https://openalex.org/I108103353"]}],"countries":["ES"],"is_corresponding":false,"raw_author_name":"Valent\u00edn Carde\u00f1oso-Payo","raw_affiliation_strings":["Departamento de Inform\u00e1tica, Universidad de Valladolid, P.o de Bel\u00e9n, 15, 47011, Valladolid, Spain"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Departamento de Inform\u00e1tica, Universidad de Valladolid, P.o de Bel\u00e9n, 15, 47011, Valladolid, Spain","institution_ids":["https://openalex.org/I108103353"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5051194194"],"corresponding_institution_ids":["https://openalex.org/I108103353"],"apc_list":{"value":2390,"currency":"EUR","value_usd":2990},"apc_paid":{"value":2390,"currency":"EUR","value_usd":2990},"fwci":1.727,"has_fulltext":true,"cited_by_count":9,"citation_normalized_percentile":{"value":0.8541009,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":"30","issue":"7","first_page":"6451","last_page":"6464"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9891999959945679,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9879000186920166,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8103269338607788},{"id":"https://openalex.org/keywords/implementation","display_name":"Implementation","score":0.7297829389572144},{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.5955125093460083},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5718786716461182},{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.444938987493515},{"id":"https://openalex.org/keywords/multi-factor-authentication","display_name":"Multi-factor authentication","score":0.43573668599128723},{"id":"https://openalex.org/keywords/sms-banking","display_name":"SMS banking","score":0.4227648079395294},{"id":"https://openalex.org/keywords/backward-compatibility","display_name":"Backward compatibility","score":0.41943567991256714},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.41442805528640747},{"id":"https://openalex.org/keywords/mobile-banking","display_name":"Mobile banking","score":0.355490118265152},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.3280611038208008},{"id":"https://openalex.org/keywords/authentication-protocol","display_name":"Authentication protocol","score":0.16285094618797302},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.07823953032493591}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8103269338607788},{"id":"https://openalex.org/C26713055","wikidata":"https://www.wikidata.org/wiki/Q245962","display_name":"Implementation","level":2,"score":0.7297829389572144},{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.5955125093460083},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5718786716461182},{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.444938987493515},{"id":"https://openalex.org/C194699767","wikidata":"https://www.wikidata.org/wiki/Q7878662","display_name":"Multi-factor authentication","level":4,"score":0.43573668599128723},{"id":"https://openalex.org/C37703655","wikidata":"https://www.wikidata.org/wiki/Q4048808","display_name":"SMS banking","level":3,"score":0.4227648079395294},{"id":"https://openalex.org/C20574231","wikidata":"https://www.wikidata.org/wiki/Q844605","display_name":"Backward compatibility","level":2,"score":0.41943567991256714},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.41442805528640747},{"id":"https://openalex.org/C2775930393","wikidata":"https://www.wikidata.org/wiki/Q1941439","display_name":"Mobile banking","level":2,"score":0.355490118265152},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.3280611038208008},{"id":"https://openalex.org/C21564112","wikidata":"https://www.wikidata.org/wiki/Q4825885","display_name":"Authentication protocol","level":3,"score":0.16285094618797302},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.07823953032493591}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1007/s11276-023-03455-w","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s11276-023-03455-w","pdf_url":"https://link.springer.com/content/pdf/10.1007/s11276-023-03455-w.pdf","source":{"id":"https://openalex.org/S205498627","display_name":"Wireless Networks","issn_l":"1022-0038","issn":["1022-0038","1572-8196"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Wireless Networks","raw_type":"journal-article"},{"id":"pmh:oai:uvadoc.uva.es:10324/60698","is_oa":true,"landing_page_url":"https://uvadoc.uva.es/handle/10324/60698","pdf_url":"https://uvadoc.uva.es/bitstream/10324/60698/1/App-based-detection-vulnerable.pdf","source":{"id":"https://openalex.org/S4306401553","display_name":"UVaDOC UVaDOC University of Valladolid Documentary Repository (University of Valladolid)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I108103353","host_organization_name":"Universidad de Valladolid","host_organization_lineage":["https://openalex.org/I108103353"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/publishedVersion"}],"best_oa_location":{"id":"doi:10.1007/s11276-023-03455-w","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s11276-023-03455-w","pdf_url":"https://link.springer.com/content/pdf/10.1007/s11276-023-03455-w.pdf","source":{"id":"https://openalex.org/S205498627","display_name":"Wireless Networks","issn_l":"1022-0038","issn":["1022-0038","1572-8196"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Wireless Networks","raw_type":"journal-article"},"sustainable_development_goals":[{"score":0.6800000071525574,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320324500","display_name":"Universidad de Valladolid","ror":"https://ror.org/01fvbaw18"}],"has_content":{"pdf":true,"grobid_xml":false},"content_urls":{"pdf":"https://content.openalex.org/works/W4385073903.pdf"},"referenced_works_count":21,"referenced_works":["https://openalex.org/W417364168","https://openalex.org/W2138392687","https://openalex.org/W2144771282","https://openalex.org/W2151295171","https://openalex.org/W2594748672","https://openalex.org/W2598500014","https://openalex.org/W2774634569","https://openalex.org/W2892543765","https://openalex.org/W2915601373","https://openalex.org/W2927917692","https://openalex.org/W2991334710","https://openalex.org/W3046824668","https://openalex.org/W3095334931","https://openalex.org/W3131560726","https://openalex.org/W3135988818","https://openalex.org/W3158714349","https://openalex.org/W3213670813","https://openalex.org/W4238254613","https://openalex.org/W4281388923","https://openalex.org/W4309554402","https://openalex.org/W4313245861"],"related_works":["https://openalex.org/W1575679653","https://openalex.org/W4236428936","https://openalex.org/W2036726226","https://openalex.org/W2222755255","https://openalex.org/W2511300489","https://openalex.org/W3087825291","https://openalex.org/W1587900052","https://openalex.org/W2186431175","https://openalex.org/W3166699724","https://openalex.org/W3013111393"],"abstract_inverted_index":{"Abstract":[0],"Two":[1],"Factor":[2],"Authentication":[3],"(2FA)":[4],"using":[5],"One":[6,55,140],"Time":[7],"Password":[8],"(OTP)":[9],"codes":[10],"via":[11],"SMS":[12,34,61,103,137,191,214],"messages":[13,35],"is":[14,59,92,123,144,194],"widely":[15],"used.":[16],"In":[17],"order":[18,234],"to":[19,72,108,119,127,130,135,173,175,210,235],"improve":[20],"user":[21,48],"experience,":[22],"Google":[23],"has":[24,243],"proposed":[25,115],"APIs":[26,58,80],"that":[27,145,178,201,219],"allow":[28,208],"the":[29,33,37,40,45,60,74,90,120,155,162,190,195,212,223,237],"automatic":[30],"verification":[31],"of":[32,39,47,56,76,97,141,161,222,227,240],"without":[36],"intervention":[38],"users":[41,213],"themselves.":[42],"They":[43],"reduce":[44],"risks":[46],"error,":[49],"but":[50],"they":[51],"also":[52],"have":[53],"vulnerabilities.":[54,180],"these":[57,77],"Retriever":[62,192],"API":[63,88,193],"for":[64,150],"Android":[65],"devices.":[66],"This":[67,217],"article":[68],"presents":[69],"a":[70,82,148,171,220],"method":[71,149],"study":[73,182],"vulnerabilities":[75],"OTP":[78,104,138,215],"exchange":[79],"in":[81,89,188,233],"given":[83],"sector.":[84,247],"The":[85,114,198],"most":[86,196],"popular":[87],"sector":[91],"selected,":[93],"and":[94,102,167,229],"different":[95],"scenarios":[96],"interaction":[98],"between":[99,225],"mobile":[100],"apps":[101],"servers":[105],"are":[106,112,203],"posed":[107],"determine":[109],"which":[110,164,189,206,242],"implementations":[111,153,205],"vulnerable.":[113],"methodology,":[116],"applied":[117,129],"here":[118],"banking":[121,186],"sector,":[122,133,187],"nevertheless":[124],"simple":[125],"enough":[126],"be":[128],"any":[131],"other":[132,136],"or":[134],"APIs.":[139],"its":[142],"advantages":[143],"it":[146],"proposes":[147],"detecting":[151],"bad":[152],"on":[154,159,184],"server":[156],"side,":[157],"based":[158],"analyses":[160],"apps,":[163],"boosts":[165],"reusability":[166],"replicability,":[168],"while":[169],"offering":[170],"guide":[172],"developers":[174],"prevent":[176],"errors":[177],"cause":[179],"Our":[181],"focuses":[183],"Spain\u2019s":[185],"popular.":[197],"results":[199],"suggest":[200],"there":[202],"vulnerable":[204],"would":[207,231],"cybercriminals":[209],"steal":[211],"codes.":[216],"suggests":[218],"revision":[221],"equilibrium":[224],"ease":[226],"use":[228],"security":[230,241],"apply":[232],"maintain":[236],"high":[238],"level":[239],"traditionally":[244],"characterized":[245],"this":[246]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":6},{"year":2024,"cited_by_count":2}],"updated_date":"2026-01-22T23:29:09.771500","created_date":"2023-07-23T00:00:00"}