Researcher expresses concerns over iOS 12’s new security code auto-fill feature
With iOS 12 and macOS Mojave, Apple has introduced a new security code auto-fill feature that makes managing two-factor authentication codes sent via SMS easier to manage. A security researcher, however, has published a new piece detailing some potential fraud concerns with the feature..
In our initial coverage of the feature, we noted that SMS two-factor isn’t the most secure form of two-factor authentication. Now, Andreas Gutmann, a researcher at OneSpan’s Cambridge Innovation Centre, dives deeper into the security concerns that come with Apple’s new auto-fill feature.
Security Code AutoFill is a new feature for iPhones in iOS 12. It is supposed to improve the usability of two-factor authentication, but could expose users to online banking fraud by removing the human validation aspect of the transaction signing/authentication process.