Slashdot Mirror

← Back to Stories (view on slashdot.org)

Anywhere Computing Makes 2FA Insecure On iOS and Android (thestack.com)

Posted by msmash on from the 2FA-not-as-secure-as-you-think dept.

An anonymous reader writes: Academics from the VU University Amsterdam have identified a new class of vulnerabilities to two-factor authentication, commonly used to protect transactions involving financial and private information. The vulnerability leaves users of both Android and Apple mobile devices open to the theft of personal information by hackers. The researchers note the text (PDF). While anywhere computing is generally considered to be a good thing, the research claims that integration across multiple platforms essentially removes the gap between those platforms, and it is that gap that is required to make two-factor authentication secure. Without a gap between devices, a common hack called the man-in-the-browser attack can be elevated to intercept the one-time password generated for two-factor authentication, thereby rendering two-factor authentication useless.

2 of 69 comments (clear)

  1. Next up... by Lab+Rat+Jason · · Score: 3, Funny

    Three Factor Authentication!

    --
    Which has more power: the hammer, or the anvil?
    1. Re:Next up... by U2xhc2hkb3QgU3Vja3M · · Score: 4, Funny

      Next up... Three Factor Authentication!

      Fuck everything, we're doing Five Factor Authentication!