A
A
Alexey Koval2014-08-20 20:00:11
Push technologies
Alexey Koval, 2014-08-20 20:00:11

How easy is it to fake pushToken ?

Good afternoon everyone!
We want to make a mobile client for Internet banking
. There was a question about push'i. Now many people use push to deliver one-time codes for authorization.
The application starts. In it, the user enters a login. After that, the current pushToken and login are sent to the bank's server. When sending an SMS with a code, the token database is analyzed. It turns out that there is a pushToken for this client, and as a result, the code is sent not via SMS, but via push.
And how easy is it for an attacker to fake / intercept pushToken in this model? To get a code for a client.

Answer the question

In order to leave comments, you need to log in

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question