An Attack to One-Tap Authentication Services in Cellular Networks.

Authors:
Cui, Zhiwei
Cui, Baojiang
Fu, Junsong
Bhargava, Bharat K.
Source:
IEEE Transactions on Information Forensics & Security; 2023, Vol. 18, p5082-5095, 14p
Publication Year:
2023

Abstract

One-Tap Authentication (OTAuth) based on the cellular network is a password-less login service provided by a Mobile Network Operator (MNO) through a unique communication gateway access technique. The service allows app users to quickly sign up or log in with their mobile phone numbers without entering a password. Because of its convenience, OTAuth has been widely adopted by various apps. However, some studies have shown that OTAuth services have serious drawbacks from the perspective of mobile security and have identified several flawed designs that prevent the MNO from distinguishing malicious apps from normal ones, enabling impersonation attacks. In this paper, we further analyze OTAuth services from the perspective of 4G and 5G cellular networks and focus on two important procedures in which the cellular network plays a central role in OTAuth services. Not surprisingly, we discover a new fundamental design flaw in how it is determined whether the runtime environment supports OTAuth services. Moreover, we propose a mature attack paradigm that exploits this flaw and allows an attacker to log in to or register with an app as a victim. To evaluate the impact of the attack, we examined 100/90/100 Android/iOS/HarmonyOS apps for the OTAuth services of 3 mainstream MNOs in China. The experimental results show that our proposed attack is applicable to almost all the apps that support OTAuth services and affects more apps than previously reported attacks. Finally, we propose several countermeasures to defend against the attack. Note that, for security's sake, we have already reported our findings to the authorized parties and received their confirmations. [ABSTRACT FROM AUTHOR]

Details

Language:
English
ISSN:
15566013
Volume:
18
Database:
Complementary Index
Journal:
IEEE Transactions on Information Forensics & Security
Publication Type:
Academic Journal
Accession number:
176253070
Full Text:
https://doi.org/10.1109/TIFS.2023.3304840