Apple’s New Security Code AutoFill Exposes Users to Bank Fraud
A new security feature coming to users with the release of iOS 12 could expose Apple customers to bank fraud by skipping the human validation process when authenticating transactions, a security researcher warns.
Apple announced at WWDC in June that iOS 12 would come with a new feature called Security Code AutoFill, which automatically reads two-factor authentication codes sent via SMS and enters them into forms in Safari to give users a seamless sign-in process.
While at first glance this feature substantially improves usability, security expert Andreas Gutmann warns that such an implementation could ultimately affect transaction signing and Transaction Authentication Numbers (TANs).
2FA to be more widely used