Researcher Shares Security Concerns Over Security Code Auto-Fill in iOS 12

Apple has introduced a new Security Code AutoFill feature in iOS 12, primarily aimed at improving the usability of two-factor authentication. However, security researcher Andreas Gutmann at OneSpan’s Cambridge Innovation Centre has detailed potential fraud concerns with the new feature in a recent article (via 9to5Mac).

SecurityCodeAutoFillDemo

Gutmann says the feature could expose users to online banking fraud “by removing the human validation aspect of the transaction signing/authentication process”.

He explains that human validation is an important aspect of two-factor authentication and that without it, users are more susceptible to “man-in-the-middle, phishing, or other social engineering attacks”.

Here’s an excerpt from the lengthy article:

“Transaction authentication, as opposed to user authentication, attests to the correctness of the intention of an action rather than just the identity of a user. It is most widely known in online banking, and in particular as a way to meet the EU’s Revised Payment Services Directive (PSD2) requirement for dynamic linking, where it is an essential tool to defend against sophisticated attacks.

The fact that a user verifies this salient information is precisely what provides the security benefit. Removing that from the process renders it ineffective.”

To read the article in full, hit up this link.

Want to see more of our stories on Google?

Add iPhone in Canada as a Preferred Source on Google

P.S. Want to keep this site truly independent? Support us by buying us a beer, treating us to a coffee, or shopping through Amazon here. Links in this post are affiliate links, so we earn a tiny commission at no charge to you. Thanks for supporting independent Canadian media!

Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted
0
Would love your thoughts, please comment.x
()
x