Man-in-the-Phone Attacks (Man-in-the-Mobile/MitMo Attacks)
Man-in-the-Phone attacks (also termed Man-in-the-Mobile or MitMo attacks) are a new class of attack that has started to emerge as mobile phones have advanced into computing devices onto which malware can be maliciously loaded. This presents a serious challenge for out-of-band authentication systems, because the malware can spy on SMS OTPs or voice calls and relay them back to the hackers. One-time passwords and out-of-band authentication are easily defeated by malware loaded onto mobile phones. Only an offline approach with challenge-response and transaction data signing can defeat this new manifestation of a classic Man-in-the-Middle attack. The increase in mobile fraud is commensurate with the increase in online authentication and transactions performed on mobile platforms.
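The following sketch of challenge-response with transaction data signing is an added example, not code from the original page: the response is bound to the payee and amount the user confirms on an offline token, so a code computed for one transaction does not verify for a different one. The HMAC-SHA256 construction with HOTP-style truncation, the field names, and the `Server` and `sign_transaction` names are assumptions chosen for illustration; the page does not specify an algorithm.

```python
import hashlib
import hmac
import secrets
import struct

FIELDS = ("payee", "amount", "currency")  # assumed transaction fields


def _lp(value: bytes) -> bytes:
    # Length-prefix so adjacent fields cannot be shifted into each other.
    return struct.pack(">H", len(value)) + value


def sign_transaction(key: bytes, challenge: bytes, tx: dict, digits: int = 8) -> str:
    """Code the offline token shows for the transaction displayed on its own screen."""
    msg = _lp(challenge) + b"".join(_lp(str(tx[f]).encode()) for f in FIELDS)
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # HOTP-style dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class Server:
    def __init__(self, key: bytes):
        self.key = key
        self.pending = {}  # challenge -> transaction exactly as the server received it

    def begin(self, tx: dict) -> bytes:
        challenge = secrets.token_bytes(16)
        self.pending[challenge] = dict(tx)
        return challenge

    def verify(self, challenge: bytes, response: str) -> bool:
        tx = self.pending.pop(challenge, None)  # single use, so a relayed code cannot be replayed
        if tx is None:
            return False
        return hmac.compare_digest(sign_transaction(self.key, challenge, tx), response)


def demo():
    key = secrets.token_bytes(32)  # constructed shared secret
    intended = {"payee": "ACME-UTILITIES", "amount": "120.00", "currency": "EUR"}
    altered = dict(intended, payee="OTHER-ACCOUNT", amount="9500.00")  # constructed
    server = Server(key)
    c1 = server.begin(intended)
    code = sign_transaction(key, c1, intended)
    honest, replayed = server.verify(c1, code), server.verify(c1, code)
    c2 = server.begin(altered)  # request was changed in transit on the phone
    mismatch = server.verify(c2, sign_transaction(key, c2, intended))
    return honest, replayed, mismatch


if __name__ == "__main__":
    print(demo())
```

The design only holds if the token is separate from the phone and shows the transaction details itself, since the user's check of payee and amount on that display is what the signature attests to.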