Mobile OTP Interception
What is Mobile OTP Interception?
Attacks that capture one-time passwords delivered to a phone, undermining SMS- or app-based two-factor authentication.
OTPs delivered by SMS, voice, or push are intercepted through several channels: SS7 / Diameter signalling abuse that reroutes SMS to attacker-controlled equipment, SIM swapping to clone a victim's number, Android banking trojans that read SMS or screen content via the Accessibility Service, malicious notification listeners on a compromised phone, and OTP-relay services such as Telegram bots used by fraud crews. Defences include moving from SMS OTP to phishing-resistant authentication (FIDO2 security keys, passkeys, or platform authenticators), enforcing number-port locks with the carrier, restricting Accessibility usage on Android, and detecting velocity and device-binding anomalies at the application layer.
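The application-layer detection named above (velocity and device-binding anomalies), sketched as an added example that is not part of the original page. The event fields, the app-generated device identifier, the flag names and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict, deque

# Illustrative thresholds (assumptions; tune against real traffic).
WINDOW = 600                 # seconds of history kept per key
MAX_REQ_PER_ACCOUNT = 3      # OTP requests per account per window
MAX_ACCOUNTS_PER_DEVICE = 2  # distinct accounts one device may request OTPs for

class OtpRiskMonitor:
    def __init__(self, bound_devices):
        self.bound = bound_devices             # account -> set of enrolled device ids
        self.by_account = defaultdict(deque)   # account -> (timestamp, device)
        self.by_device = defaultdict(deque)    # device  -> (timestamp, account)

    @staticmethod
    def _trim(q, now):
        # Drop entries that have aged out of the sliding window.
        while q and now - q[0][0] > WINDOW:
            q.popleft()

    def check(self, ts, account, kind, device):
        """Return anomaly flags for one event; kind is 'request' or 'verify'."""
        flags = []
        if kind == "request":
            acct_q, dev_q = self.by_account[account], self.by_device[device]
            acct_q.append((ts, device))
            dev_q.append((ts, account))
            self._trim(acct_q, ts)
            self._trim(dev_q, ts)
            if len(acct_q) > MAX_REQ_PER_ACCOUNT:
                flags.append("account_request_velocity")
            if len({a for _, a in dev_q}) > MAX_ACCOUNTS_PER_DEVICE:
                flags.append("device_account_fanout")
        elif kind == "verify" and device not in self.bound.get(account, set()):
            # Correct code from an unenrolled device: the OTP alone is not enough.
            flags.append("unbound_device_verify")
        return flags

# Constructed sample events: (epoch seconds, account, kind, device id)
SAMPLE_EVENTS = [
    (1000, "alice", "request", "dev-A"),
    (1020, "alice", "verify",  "dev-A"),
    (2000, "bob",   "request", "dev-X"),
    (2030, "carol", "request", "dev-X"),
    (2060, "alice", "request", "dev-X"),
    (2090, "alice", "verify",  "dev-X"),
]
BOUND = {"alice": {"dev-A"}, "bob": {"dev-B"}, "carol": {"dev-C"}}

def flag_events(events, bound):
    monitor = OtpRiskMonitor(bound)
    return [(ts, flags) for ts, *rest in events if (flags := monitor.check(ts, *rest))]
```

A flagged verification would normally trigger step-up authentication or a hold on the transaction rather than an outright block, since a legitimate user may simply have a new phone.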
● Examples
- 01: Researchers documented SS7 attacks redirecting bank OTP SMS to attacker numbers and emptying victim accounts in Germany.
- 02: An Android trojan with Accessibility access reads OTP SMS notifications and forwards them via Telegram in real time.
● Frequently asked questions
What is Mobile OTP Interception?
Attacks that capture one-time passwords delivered to a phone, undermining SMS- or app-based two-factor authentication. It belongs to the Mobile Security category of cybersecurity.
How do you defend against Mobile OTP Interception?
Defences for Mobile OTP Interception typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Mobile OTP Interception?
Common alternative names include: OTP interception, 2FA bypass on mobile.
● Related terms
- SIM Swapping (attacks, № 1047): A fraud technique in which an attacker tricks or bribes a mobile carrier into transferring a victim's phone number to a SIM the attacker controls.
- Smishing (attacks, № 1059): Phishing delivered via SMS or other mobile-messaging channels to trick victims into clicking malicious links, calling fraudulent numbers, or revealing data.
- Android Malware (mobile-security, № 047): Malicious software that targets the Android operating system, typically distributed through sideloaded APKs, dropper apps on Google Play, or compromised third-party stores.
- Time-Based One-Time Password (TOTP) (identity-access, № 1155): A one-time password algorithm defined in RFC 6238 that derives a short code from a shared secret and the current time, rotating every 30 seconds.
- HMAC-Based One-Time Password (HOTP) (identity-access, № 479): An event-based one-time password algorithm defined in RFC 4226 that derives a short code from a shared secret and a monotonically increasing counter.
- Phishing (attacks, № 821): A social-engineering attack in which an attacker impersonates a trusted party to trick a victim into revealing credentials, transferring money, or running malware.