iOS and Android vulnerable to 2FA attack

Researchers found that syncing apps between multiple devices creates a new class of vulnerabilities that could render two-factor authentication (2FA) useless.

OUR TAKE: We see this as a pretty big development because businesses have been implementing packaged 2FA solutions that augment single sign-on capabilities. They all rely on the fundamental approach of pairing the device with the desktop, or sending an SMS code to a mobile number pre-registered by the user. Consumer apps and social network apps have also implemented mainstream 2FA security measures that rely more on SMS than an authenticator app. While consumer uptake has been limited, in business environments 2FA is widely deployed and in many cases, mandated.


Want to receive more content like this in your inbox?