Security Analysis of Mobile Phones Used as OTP Generators
Abstract
The Norwegian company Encap has developed protocols
enabling individuals to use their mobile phones as one-time password
(OTP) generators. An initial analysis of the protocols reveals minor
security flaws. System-level testing of an online bank utilizing Encap's
solution then shows that several attacks allow a malicious individual to
turn his own mobile phone into an OTP generator for another individual's
bank account. Some of the suggested countermeasures to thwart the
attacks are already incorporated in an updated version of the online
banking system.
Domains
Digital Libraries [cs.DL]
Origin
Files produced by the author(s)