back to article Hacking mobile login tokens tricky but doable, says reverse-engineer

Mobile apps that generate on-screen tokens for two-factor authentication can be examined and cloned by malware, a security researcher warns. Fraudsters and crooks can take these clones and generate the codes necessary to login into bank accounts and other online services as their victims. Banks are increasingly relying on …

  1. Anonymous Coward
    Anonymous Coward

    'possible for a skilled and resourceful attacker'.

    would that be a skilled and resourceful attacker who's salary comes from the taxpayer of the respective country his security service employer resides within?

  2. Edwin

    Completely pointless comment

    ...but I only read the article because of the Weird Al reference...

    1. AIBailey
      Thumb Up

      Re: Completely pointless comment

      Same here.

  3. Fruit and Nutcase Silver badge

    Blow me down with a feather

    ...concludes that his research serves to illustrate that most anything is hackable, given enough time and resources.

    1. Shades

      Re: Blow me down with a feather

      I conclude that reaching another galaxy is doable given enough time and resources. Do I get a full article in El Reg?

  4. Daniel B.

    Not surprised

    I've always feared this could happen once your tokens start living in a device that can potentially have its entire contents dumped. By the way, some entities that shall remain unnamed do indeed activate PIN mode, but they restrict said PIN to a 4-digit code. This, coupled with the "parity" check means that you can quickly narrow down to a few possible PIN candidates and just try those ones until you hit the right one.

    And that's assuming they didn't nab your PIN as well by pulling off those nifty phishing app tricks.

    I'll keep my physical tokens, thank you very much.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon