Perverse Vulnerability from Interaction between 2-Factor Authentication and iOS AutoFill
Schneier on Security
JUNE 20, 2018
Apple is rolling out an iOS security usability feature called Security code AutoFill. The basic idea is that the OS scans incoming SMS messages for security codes and suggests them in AutoFill, so that people can use them without having to memorize or type them. Sounds like a really good idea, but Andreas Gutmann points out an application where this could become a vulnerability: when authenticating transactions: Transaction authentication, as opposed to user authentication, is used to attest the
Let's personalize your content