EAL 3

Most Mobile Authenticator Apps Have a Design Flaw That Can Be Hacked

Retrieved on: Friday, October 8, 2021

Key Points: 
  • Typically this would mean an SMS-based OTP (one-time password) or a code generated by a hardware token or a mobile authenticator app.
  • However, safest doesn't necessarily mean perfect, and new research into a previously overlooked design flaw reinforces this all too well.
  • This is why most authentication apps try to make use of the safest storage available for these keys.
  • Unfortunately, there's a general flaw in their architectural design which hackers can exploit, says V-Key CTO Er Chiang Kai.