Idea ID: 2875549

implement rate-limiting on the push notification to overcome the attack of overwhelming push notifications with Smartphone method

kgast  
Status : New Idea

With a compromised user account (password) it would be possible to start a push notification bombing attack with the goal that the user will finally run an "Accept" within the smartphone app giving full access to the user account.

Mitigating this kind of attack might be technical not easy but there are a few options

- rate-limiting on the push notifications (like it exists already on the OTP authenticator)

- machine learning and anomaly detection to identify unusual patterns of push notification requests (not easy to implement)

- of course:  awareness training

- 2FA to add another layer (as an options) like SMS

Resources

Support
Documentation
Learning Services
CyberRes Academy
Partner Programs
Contact us
Compliance
Help
Company
Privacy Policy
Terms of Use
Accessibility
Anti-Slavery Statement
Support
Contact Us
Careers
Code of Conduct
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.