Student Research Lagniappe
11:30 AM – 1:30 PM | PFT 1246
Flyer
Money on My Mind: Network Forensic Analysis of Venmo App
Abstract
The current state of fintech (financial technology) security, while well developed, still has significant vulnerabilities. In this paper, we analyze Venmo, a widely used fintech application, by examining its functionalities through network traffic inspection and logical data acquisition on a mobile phone. We present PyMent, a forensic tool that leverages Venmo Application Programming Interfaces (APIs) to remotely log into user accounts, bypass multifactor authentication (MFA), and retrieve comprehensive transaction histories. Using a Man-in-the-Middle (MitM) attack scenario, we intercepted and parsed API calls, user information, critical session cookies, and token values from the Venmo application. Building on these findings, PyMent further demonstrates how investigators can extract sensitive data that is not available in the application interface. Additionally, we highlight several Key Findings indicating that other cloud-based fintech services may share server-centric vulnerabilities, that session management tokens could represent a primary point of failure in these platforms, and that network-based forensics will likely outpace traditional device imaging as the industry moves further toward cloud services. Based on these observations, we identify a research gap concerning the need to systematically test a broader range of fintech systems, examining these issues across various mobile payment applications. We also provide an in-depth analysis of Venmo’s HTTPS architecture, offering insights that can guide more robust cybersecurity measures in fintech.
Trevor Spinosa
Lousiana State University
Enhancing Time Series Forecasting via Multi-Level Text Alignment with LLMs
Abstract
The current state of fintech (financial technology) security, while well developed, still has significant vulnerabilities. In this paper, we analyze Venmo, a widely used fintech application, by examining its functionalities through network traffic inspection and logical data acquisition on a mobile phone. We present PyMent, a forensic tool that leverages Venmo Application Programming Interfaces (APIs) to remotely log into user accounts, bypass multifactor authentication (MFA), and retrieve comprehensive transaction histories. Using a Man-in-the-Middle (MitM) attack scenario, we intercepted and parsed API calls, user information, critical session cookies, and token values from the Venmo application. Building on these findings, PyMent further demonstrates how investigators can extract sensitive data that is not available in the application interface. Additionally, we highlight several Key Findings indicating that other cloud-based fintech services may share server-centric vulnerabilities, that session management tokens could represent a primary point of failure in these platforms, and that network-based forensics will likely outpace traditional device imaging as the industry moves further toward cloud services. Based on these observations, we identify a research gap concerning the need to systematically test a broader range of fintech systems, examining these issues across various mobile payment applications. We also provide an in-depth analysis of Venmo’s HTTPS architecture, offering insights that can guide more robust cybersecurity measures in fintech.
