Home » News » General » Apple’s Security Code AutoFill feature in iOS 12 could expose users to online banking fraud, says researcher

Apple’s Security Code AutoFill feature in iOS 12 could expose users to online banking fraud, says researcher

By Digit NewsDesk | Updated on 04-Jun-2020
Apple’s Security Code AutoFill feature in iOS 12 could expose users to online banking fraud, says researcher
Digit NewsDesk Digit NewsDesk
04-Jun-2020
HIGHLIGHTS

The new Security Code AutoFill feature suggests OTP by reading the latest text message. A researcher says that the un-involvement of the user can lead to possible security vulnerabilities via social engineering attacks.

It’s clear that Apple’s focus was on performance while announcing its latest iOS 12 OS at WWDC 2018. However, the company also demoed some other features, which are aimed at easing everyday tasks like entering OTP for a two-step verification process. Now, a researcher at OneSpan’s Cambridge Innovation Centre, Andreas Gutmann has expressed concerns on how the said feature can be used to expose users to online banking fraud. Gutmann says that removing the human validation aspect of reading the OTP and entering it manually could create risks for users. The Two Factor Authentication (2FA) feature sends a unique code every time the user tries to log into their account.

Gutmann says that the new feature in iOS12, which makes this process easier for users, may negate the security benefits of “transaction signing and Transaction Authentication Numbers (TANs).” The transaction signing and TANs, are used to defend against social engineering and other similar cybersecurity attacks. Removing the user’s involvement in the 2FA process, who verifies the sent passcode information, can lead to increased risk in online security. Gutmann adds, “Transaction authentication, as opposed to user authentication, attests to the correctness of the intention of an action rather than just the identity of a user. It is most widely known in online banking, and in particular as a way to meet the EU’s Revised Payment Services Directive (PSD2) requirement for dynamic linking, where it is an essential tool to defend against sophisticated attacks.”  

As an example of this, someone can trick the user into transferring money to a different account than the one intended. This can be done with the help of social engineering techniques like phishing and vishing, and/or tools such as Man-in-the-Browser malware. You can read more about it in detail here.

Digit NewsDesk

Digit NewsDesk

Digit News Desk writes news stories across a range of topics. Getting you news updates on the latest in the world of tech. View Full Profile

New Mobiles
Redmi Note 14 Pro+ 5GRedmi Note 14 5GVivo V40e 5GInfinix Zero Flip 5G
Top-10s
Best Budget Smartphones in India (December 2024)Top Most Beautiful and Stylish Mobile Phones for Women/Girls (December 2024)Best Battery Backup Smartphones in India (December 2024)Best Gaming Phones under ₹20,000 (December 2024)
Latest News
Google enhances Android safety with new feature to detect and disable hidden trackersiPhone 17 Pro leaked image reveals bold new rear camera design: Here’s how it may look likeWhatsApp may soon introduce automatic message translation feature: How it will workOnePlus 12 gets exciting discount on Amazon: Here’s how to buy it for under Rs 50,000
Digit

Digit.in is one of the most trusted and popular technology media portals in India. At Digit it is our goal to help Indian technology users decide what tech products they should buy. We do this by testing thousands of products in our two test labs in Noida and Mumbai, to arrive at indepth and unbiased buying advice for millions of Indians.

Follow us : logo logo logo logo logo logo
Company About Us Contact Us Advertise with us Regulatory Terms & Conditions Privacy Policy Disclaimer Complaint Redressal
Copyright © 2024 Bennett, Coleman & Company Limited All Rights Reserved.
Digit.in
Logo
Digit.in
Logo