A Security Researcher currently has a BIG Problem with iOS 12
“A new feature in iOS 12 makes it easier for you to handle two-factor authentication (2FA) requests,” Don Reisinger writes for Tom’s Guide. “But the process has provoked the ire of one security researcher who says it could cause real security problems, at least for some European online-banking customers.”
Thank you for reading this post, don't forget to subscribe!
“In iOS 12, already available for beta testing, there’s a new Security Code AutoFill feature. When you receive a one-time passcode (OTP) sent to your phone via SMS for two-factor authentication purposes, the Security Code AutoFill automatically retrieves the number and gives you the option, above the keyboard, to simply tap on the code to populate the required field. A note above the number will say ‘From Messages’ to let you know from which app the number was retrieved,” Reisinger writes. “The idea is to make it easier for you to log into 2FA-enabled accounts and services. Ostensibly, if Apple sends a one-time code to your phone and you see it come in, you won’t need to jump between apps to get the code and log in.”
“This makes sense within an American context,” Reisinger writes, “but it may be dangerous in Europe, where many online banks, especially in German-speaking countries, use an additional security feature.”
Read more in the full article here.