Information from Internet Initiative Japan Inc.
Vulnerability ID:JVN#27137002
Title:IIJ SmartKey App for Android vulnerable to authentication bypass
Status:Vulnerable
This is a statement from the vendor itself with no modification by JPCERT/CC.
* Affected Version
- IIJ SmartKey for Android 1.0.0 - 2.1.0
(*) NOT affect to IIJ SmartKey for iOS
* Inpact
A user, who does not unlock an application locking and do certain operations, can watch a TOTP one time password.
* Solution
IIJ release fixed version of IIJ SmartKey for Android.
Please update IIJ SmartKey for Android to following version, or newer.
- IIJ SmartKey for Android 2.1.1
(*) NOT require to update IIJ SmartKey for iOS
* Avoid by setting
Please lock your Android device.
