The recent publication of the “Browser in the Middle” attack has demonstrated an effective way to compromise a good number of variants of Multifactor Authentication and to control the information flow between the victim an the accessed service. That attack was mainly aimed at the victim use of a desktop browser to access a service. The present paper shows how that attack may be extended to involve the mobile environment and how, thanks to that enhancement, the attack may also gain the persistence attribute. The new attack is named MobileApp-in-the-Middle (MAitM). Again, as in BitM, no installation of malware on the victim’s platform is needed with MAitM.
Persistent MobileApp-in-the-Middle (MAitM) attack
Franco Tommasi;Christian Catalano
2024-01-01
Abstract
The recent publication of the “Browser in the Middle” attack has demonstrated an effective way to compromise a good number of variants of Multifactor Authentication and to control the information flow between the victim an the accessed service. That attack was mainly aimed at the victim use of a desktop browser to access a service. The present paper shows how that attack may be extended to involve the mobile environment and how, thanks to that enhancement, the attack may also gain the persistence attribute. The new attack is named MobileApp-in-the-Middle (MAitM). Again, as in BitM, no installation of malware on the victim’s platform is needed with MAitM.| File | Dimensione | Formato | |
|---|---|---|---|
|
s11416-023-00484-z.pdf
accesso aperto
Descrizione: Articolo
Tipologia:
Versione editoriale
Licenza:
Creative commons
Dimensione
3.69 MB
Formato
Adobe PDF
|
3.69 MB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
