Attacking Software Tokens

Explore techniques for attacking software-based two-factor authentication tokens in this conference talk from HITB Security Conference. Delve into the vulnerabilities of smartphone OTP generator apps as they replace traditional hardware tokens. Learn about various attack methods, including static and dynamic analysis, custom kernel sandboxes, and full-system emulation. Examine proof-of-concept exploits targeting major vendors' soft tokens and understand how to assess the effectiveness of obfuscation techniques. Gain insights from Bernhard Mueller, an experienced hacker with a track record of discovering zero-day flaws and developing innovative attacks on core Internet protocols.