Questions Raised About the Security of iOS 12 Security Key AutoFill

Ángel González

2 minutes

Security

All the what's new in iOS 12 They do not lie at the design level, but at the level of functionality. This new major software update provides the user with greater privacy and new functions that improve their user experience. The security and privacy They are two of the most important axes of the operating system, so there are many functions dedicated to this.

One of them is what is known as Auto Fill or, in Spanish, self-filling of security codes, a tool that allows us to decrease the time when inserting security codes that arrive in the form of SMS in different services. In recent days, doubts have arisen about the safety of this function and, therefore, there are two camps: the detractors and the defenders.

IOS 12 Key Autofill Lose Human Component?

iOS 12 contains many surprises at the level of small functions that we have been discovering with the different betas that Apple releases over the weeks. The security key auto-fill it was presented at WWDC as a user facility. Many services offer users keys in the form of text messages (SMS) that they have to enter into an application to finally be able to access the platform. Until now in that process the user had to participate actively copying and pasting the code from the SMS, but with the function we are talking about the process is automated.

The unique access codes that you receive by SMS appear automatically as Autofill suggestions, so you don't have to worry about memorizing or entering them.

A developer from the Cambridge Innovation Center on the OneSpan platform, Andreas Gutmann, has produced a lengthy paper in which calls into question reliability and safety of the process that takes place in the new feature of iOS 12. In it he talks about the active role that is lost with the autofill function. Gutmann says that an important aspect of authentication is the human validation process, and if this component is lost the user can be a target of «man-in-the-middle attacks, phishing or other social engineering attacks ».


You are interested in:
How to change or deactivate the SIM card PIN in iOS 12
Follow us on Google News

Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: AB Internet Networks 2008 SL
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.

  1.   John Fco said
    ago 6 years

    In Android in various applications the code was already set automatically when receiving the sms

    Reply to Juan Fco