Today, many mobile devices are used as security tokens and/or host security tokens. As such, these mobile devices may store shared secrets that are used to generate one-time-use security codes for various authentication and validation purposes such as multi-factor authentication, mobile purchases, electronic identification, and so on. Typically, these shared secrets are unique to each mobile device on which they are stored. For example, a unique virtual credit card may be associated with and stored to a specific mobile device to enable the mobile device to perform APPLE PAY transactions. Similarly, a shared secret may be associated with and stored to a specific mobile device to enable two-factor authentication (e.g., using a two-factor authentication system such as GOOGLE AUTHENTICATOR or AUTHY) to be performed via the mobile device.
Unfortunately, when a security token is temporarily out of an owner's possession (e.g., when a mobile device is surrendered for repairs or maintenance), a malicious party may extract a shared secret from the mobile device without the owner's knowledge. The malicious party may then use the extracted shared secret to clone the security token and use the cloned security token to generate security codes for authentication purposes. Since an authentic security token that has been cloned may be returned to the owner, the owner may be completely unaware of the authentic security token having been compromised. As such, the owner will likely be completely unaware of the malicious party's ability to impersonate the owner using the cloned security token. The instant disclosure, therefore, identifies and addresses a need for systems and methods for detecting cloning of security tokens.