Answer the question
In order to leave comments, you need to log in
How easy is it to fake pushToken ?
Good afternoon everyone!
We want to make a mobile client for Internet banking
. There was a question about push'i. Now many people use push to deliver one-time codes for authorization.
The application starts. In it, the user enters a login. After that, the current pushToken and login are sent to the bank's server. When sending an SMS with a code, the token database is analyzed. It turns out that there is a pushToken for this client, and as a result, the code is sent not via SMS, but via push.
And how easy is it for an attacker to fake / intercept pushToken in this model? To get a code for a client.
Answer the question
In order to leave comments, you need to log in
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question