Paper Type
Complete
Paper Number
1248
Description
Two-factor authentication (2FA) is widely recognized as a highly secure method. SMS One-Time Password (OTP) authentication is very popular, although this delivery channel has been removed from NIST recommendations due to the risk of phishing and malware attacks. The study aims to confirm the potential risks of OTP vulnerability to malware attacks and poor OTP creation, as well as man-in-the-middle and other attacks reported in the literature. The study also investigated the conditions required for successful attacks and proposed a novel attack using the SMS User Consent API, demonstrating that even theoretically secure APIs can intercept SMS OTPs.
Recommended Citation
Bartłomiejczyk, Maciej and El Fray, Imed, "Analysis of attacks on SMS OTP-based authentication process" (2024). PACIS 2024 Proceedings. 1.
https://aisel.aisnet.org/pacis2024/track07_secprivacy/track07_secprivacy/1
Analysis of attacks on SMS OTP-based authentication process
Two-factor authentication (2FA) is widely recognized as a highly secure method. SMS One-Time Password (OTP) authentication is very popular, although this delivery channel has been removed from NIST recommendations due to the risk of phishing and malware attacks. The study aims to confirm the potential risks of OTP vulnerability to malware attacks and poor OTP creation, as well as man-in-the-middle and other attacks reported in the literature. The study also investigated the conditions required for successful attacks and proposed a novel attack using the SMS User Consent API, demonstrating that even theoretically secure APIs can intercept SMS OTPs.
When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.
Comments
Security