Litcius/Paper detail

On the Insecurity of SMS One-Time Password Messages against Local Attackers in Modern Mobile Devices

Zeyu Lei, Yuhong Nan, Yanick Fratantonio, Antonio Bianchi

202137 citationsDOIOpen Access PDF

Abstract

code to this number. Finally, either the user is asked to insert the received authentication code, or the app automatically reads it from the incoming SMS, at which point the app can send the code back to the app's backend. This procedure proves ownership of a specific phone number (and of the corresponding SIM card). We note how this protocol effectively uses the SMS channel as the only "factor" to authenticate to a user's account.

Topics & Concepts

PasswordComputer scienceComputer securityOne-time passwordMobile deviceS/KEYInternet privacyOperating systemAdvanced Malware Detection TechniquesUser Authentication and Security SystemsSpam and Phishing Detection