Persistent MobileApp-in-the-Middle (MAitM) attack

Franco Tommasi; Christian Catalano
2024-01-01

Abstract

The recent publication of the “Browser in the Middle” attack has demonstrated an effective way to compromise a good number of variants of Multifactor Authentication and to control the information flow between the victim and the accessed service. That attack was mainly aimed at the victim’s use of a desktop browser to access a service. The present paper shows how that attack may be extended to involve the mobile environment and how, thanks to that enhancement, the attack may also gain the persistence attribute. The new attack is named MobileApp-in-the-Middle (MAitM). Again, as in BitM, no installation of malware on the victim’s platform is needed with MAitM.
Files in this item:
File: s11416-023-00484-z.pdf
Access: open access
Description: Article
Type: Publisher's version
License: Creative Commons
Size: 3.69 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11587/517686