Security analysis of mobile authenticator applications
Authors:
Date published:
Journal:
Pages:
Publisher:
Abstract:
Can Ozkan, Kemal Bicakci
2020/12/3
2020 International Conference on Information Security and Cryptology (ISCTURKEY)
18-30
IEEE
Deploying Two-Factor Authentication (2FA) is one of the highly-recommended security mechanism against account hijacking attacks. One of the common methods for 2FA is to bring something you know and something you have factors together. For the latter we have options including USB sticks, smart cards, SMS verification, and one-time password values generated by mobile applications (soft OTP). Due to the cost and convenience reasons, deploying 2FA via soft OTPs is more common. However, unlike smart cards which have tamper resistance property, attackers can access smartphones remotely or physically so that they can fetch shared secret seed value - an important security risk for mobile authenticators. For this reason, it is critical to analyze mobile authenticator applications in this context. In this paper, we report our findings after analyzing eleven different Android authenticator applications. We report …