Most Mobile Authenticator Apps Have a Design Flaw That Can Be Hacked
Retrieved on: Friday, October 8, 2021
Key Points:
- Typically this would mean an SMS-based OTP (one-time password) or a code generated by a hardware token or a mobile authenticator app.
- However, "safest" doesn't necessarily mean perfect, and new research into a previously overlooked design flaw reinforces this all too well.
- This is why most authentication apps try to make use of the safest storage available for these keys.
- Unfortunately, there's a general flaw in their architectural design which hackers can exploit, says V-Key CTO Er Chiang Kai.