
Apple proposes simple security upgrade for SMS 2FA codes
2020-02-03 12:54

Apple engineers think they've come up with a simple way to make SMS two-factor authentication one-time codes less susceptible to phishing attacks: agree a common text format so their use can be automated without the need for risky user interaction.

The concept proposed by the company's Safari WebKit team is that apps such as mobile browsers will automatically process SMS text codes as they are received, submitting them to the correct website.

Bolting on improved security in this way would still ignore deeper worries such as SIM swap fraud, where criminals receive security codes after hijacking the mobile user's account.

A lot will depend on Google, which in recent times has promoted what it sees as more secure alternatives to receiving SMS codes such as authentication apps, the WebAuthn standard or hardware tokens.

More recently it's taken a more pragmatic approach and suggested improving SMS communication using initiatives such as Verified SMS for Messages, which is designed to authenticate organisations sending SMS messages including, in theory, their 2FA codes.


News URL

https://nakedsecurity.sophos.com/2020/02/03/apple-proposes-simple-security-upgrade-for-sms-2fa-codes/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 68 212 1433 2208 257 4110