Security News > 2020 > February > Apple proposes simple security upgrade for SMS 2FA codes
Apple engineers think they've come up with a simple way to make SMS two-factor authentication one-time codes less susceptible to phishing attacks: agree a common text format so their use can be automated without the need for risky user interaction.
The concept proposed by the company's Safari WebKit team is that apps such as mobile browsers will automatically process SMS text codes as they are received, submitting them to the correct website.
Bolting on improved security would be to ignore deeper worries such as SIM swap fraud where criminals receive security codes after hijacking the mobile user's account.
A lot will depend on Google, which in recent times has promoted what it sees as more secure alternatives to receiving SMS codes such as authentication apps, the WebAuthn standard or hardware tokens.
More recently it's taken a more pragmatic approach and suggested improving SMS communication using initiatives such as Verified SMS for Messages designed to authenticate organisations sending SMS messages including, in theory, their 2FA codes.
News URL
Related news
- Docker-OSX image used for security research hit by Apple DMCA takedown (source)
- Security biz Verkada to pay $3m penalty under deal that also enforces infosec upgrade (source)
- Apple releases iOS 18, with security and privacy improvements (source)
- Apple's latest macOS release is breaking security software, network connections (source)