Kevin Jensen, Faiza Tazi, and Sanchari Das, University of Denver
The increased use of multi-factor authentication (MFA) has prompted the development of many competing MFA applications for secure authentication. Nevertheless, there is little research about the security vulnerabilities of these MFA mobile applications. To aid this, we conducted a thematic analysis on recent MFA-focused articles published in the year 2020 and performed security evaluation of 10 expert-recommended MFA mobile applications using RiskInDroid and Mobile Security Framework (MobSF). We found several code-based, permission-based, and cryptographic-based security violations of the applications which have severe vulnerability vectors. We conclude by providing actionable recommendations to fix any identified vulnerabilities and suggest stringent requirements for security-based applications to protect users from existing vulnerabilities.
@inproceedings{jensen-21-mfa-app-risks,
author = {Jensen, Kevin and Tazi, Faiza and Das, Sanchari},
title = {{Multi-Factor Authentication Application Assessment: Risk Assessment of Expert-Recommended MFA Mobile Applications}},
booktitle = {Who Are You?! Adventures in Authentication Workshop},
year = {2021},
series = {WAY~'21},
pages = {1--6},
address = {Virtual Conference},
month = aug,
publisher = {}
} % No publisher