

Most online transactions require a two-step authentication, and the One-Time-Password (OTP) sent by SMS is often one of those two steps. The purpose of an OTP is to prevent fraud by confirming that the person making the transaction and the credit card owner are one and the same.

To do so, a temporary code is automatically sent by SMS to the phone number associated with the bank account used. Once the OTP SMS is received, the user types it into the transaction interface, and only then is he able to finalize his purchase. But is the mobile device (tablet or smartphone) used to send and receive an SMS innocuous? Regrettably, not very. What seemed like a strong authentication process when it was first introduced is nowadays easily bypassed by mobile apps. Our team identified two kinds of mobile applications using the OTP interception technique: the legitimate ones and the malicious ones. While a safe app will intercept an SMS OTP to facilitate transactions and make them fast, a malicious app will intercept it in order to commit banking fraud. The more permissions an app requires, the more suspicious it looks. However, an OTP interception only requires two permissions to be executed, and one of them (Internet access) is a very common one.
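
The point that OTP interception needs only two permissions can be checked during app vetting by auditing a decoded manifest. The sketch below is an added example, not code from the original article. It assumes the second permission is one of Android's SMS-read permissions (the article does not name it) and that the manifest has already been decoded to plain XML; the package names and sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
INTERNET = "android.permission.INTERNET"
# Assumption: the article does not name the second permission; these are the
# standard Android permissions that let an app see incoming SMS.
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"

def audit_manifest(xml_text):
    """Summarise SMS-related capability in a decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    receivers = []
    for rcv in root.iter("receiver"):
        for flt in rcv.iter("intent-filter"):
            actions = {a.get(ANDROID_NS + "name") for a in flt.iter("action")}
            if SMS_ACTION in actions:
                receivers.append({
                    "name": rcv.get(ANDROID_NS + "name"),
                    "priority": int(flt.get(ANDROID_NS + "priority", "0")),
                })
    sms = sorted(perms & SMS_PERMS)
    return {
        "package": root.get("package"),
        "permission_count": len(perms),
        "sms_permissions": sms,
        "internet": INTERNET in perms,
        "sms_receivers": receivers,
        # Capability only: legitimate and malicious apps look identical here,
        # so a hit is a reason to review the app, not a verdict.
        "can_read_and_forward_sms": bool(sms) and INTERNET in perms,
    }

# Constructed sample manifests (not taken from any real app).
SAMPLE_SMS_APP = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.fastpay">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><receiver android:name=".OtpReceiver">
    <intent-filter android:priority="999">
      <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
    </intent-filter></receiver></application></manifest>"""
SAMPLE_PLAIN_APP = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.torch">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/></manifest>"""

if __name__ == "__main__":
    for sample in (SAMPLE_SMS_APP, SAMPLE_PLAIN_APP):
        print(audit_manifest(sample))
```

A low `permission_count` together with `can_read_and_forward_sms` being true is exactly the case described here: the app does not look over-privileged, yet it holds everything needed to read an OTP and send it elsewhere.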
