
Researchers Warn About Apple's New Security Code AutoFill Feature

Posted: July 9, 2018

In June this year, Apple announced a new security feature in iOS 12 that will allow the automatic reading of two-factor authentication (2FA) codes sent via SMS. The latest version of Apple's operating systems will be launched in a few months, though that particular new addition has already caused a lot of controversy in the cyber security industry. Called Security Code AutoFill, the new feature will skip the human validation process when authorizing transactions: the two-factor codes that users receive and currently need to input manually when logging into websites in Safari would now be inserted automatically in order to provide a seamless sign-in process.

Although that sounds like a much more convenient way for users to log into their accounts, security experts warn that it comes at the cost of a considerably increased risk of cyber attacks. The feature could expose Apple customers to bank fraud, for example, due to the missing human interaction in the process of validating transactions.

According to the security expert Andreas Gutman, if Apple actually implements the feature, it could have an impact on the safety of transaction signing in banking and of Transaction Authentication Numbers (TANs). That means the security systems banks use for authenticating and signing transactions could be made completely ineffective, as hackers could compromise online banking websites and mobile banking apps through attack methods like Man-in-the-Middle techniques. In that case, attackers could inject the required input field tag. Malicious websites and apps could also be used for compromising online and mobile banking accounts.

Gutman points out that it is exactly this user verification that provides the security benefit of the two-factor authentication method, and removing the human interaction from the process could wipe out this benefit completely. In that sense, the manual verification step seems obligatory if cybercriminals are to be prevented from breaching the online security systems of banks and other financial institutions. A positive consequence of the discussion about the iOS 12 Security Code AutoFill feature is that users who have so far not enabled 2FA could feel encouraged to do so, becoming aware of the potential damage that a breach of their online banking could cause.
