WoWWiki

This wiki contains inaccurate and out-of-date information. Please head over to https://wowpedia.fandom.com for more accurate and up-to-date game information.

READ MORE

WoWWiki
Advertisement
Were you looking for the Battle.net Authenticator (key fob device)?
BlizzMobileAuthApp-v2 2 2-175x175

Icon for v2.2.2 (Android)/v2.2.4 (iOS) and later

BnetMobileAuthApp-175x175

Icon for v2.2.1 (Android)/v2.2.2 (iOS) and earlier

The Blizzard Mobile Authenticator (or just "Authenticator"; previously Battle.net Mobile Authenticator; was also confusingly also called "Battle.net Authenticator" by Blizzard) is a small mobile phone application that functions similarly to the Blizzard Authenticator key fob device. However, it cannot be used in conjunction with the other device, one or the other can be used, but not both.[1]

On March 27, 2017 with the release of v2.2.2 (Android)/v2.2.4 (iOS), the app was renamed to the "Blizzard Mobile Authenticator" or just "Blizzard Authenticator" and the icon was updated.[2]

On January 9, 2012, three new languages were supported (not on BlackBerry): Português (Portuguese), Italiano (Italian), and Polski (Polish).[3]

The application is available for the iPhone, iPod Touch and iPad with iOS 3.x[4] and later. An iPad without 3G support or an iPod Touch needs a wi-fi connection for a setup, re-setup or a re-sync.[4] The iOS application is free of charge.

It's also available for many other mobile smartphones including phones running the Android operating system, Windows Phone 7 OS,[5] and some BlackBerry®[6] smartphones.

Until December 13, 2011 a version of the authenticator was available for some mobile devices like the Motorola RAZR, Nokia's Series 40, and other "non-smartphones."[7]

On June 16, 2016, the "One-Button Authenticator" feature was announced that removes the requirement for copy/paste of the authentication code, but instead gives an Approve/Deny option.[8] This new feature is only available on the Android (release Jun 15, 2016) and iOS (released Jun 13, 2016; v2.2.0) versions, so far. The ability to approve or deny logins via Notifications and approve or deny login requests on your smart watch functionality appeared on iOS v2.2.1 on Jun 27, 2016 and for Android on Nov 8, 2016. An iOS v2.2.2 appeared on Nov 8, 2016, but it isn't clear what the changes are (probably bug fixes).

Supported mobile phone OSes and languages[]

Mobile phone OS:

  • Android™
  • iOS (iPhone®, iPod touch®)
  • BlackBerry®
  • Windows™ Phone 7
May not support all features.

Language:

  • English
  • Français (French)
  • Deutsch (German)
  • Italiano (Italian)[9]
  • Polski (Polish)[9]
  • Português (Portuguese)[9]
  • Русский (Russian)
  • Español (Spanish)

Not BlackBerry.

Versions[]

Icon-time This section concerns content that is out-of-date. Reason: Android versions outdated. iOS version info incomplete.

As of Nov 8, 2016

iOS
  • v2.2.4 — March 27, 2017
  • v2.2.2 — November 8, 2016
  • v2.2.1 — June 27, 2016
  • v2.2.0 — June 13, 2016
  • v2.0.0 — August 31, 2015
  • v1.3.5 — ?
  • v1.3.1 — June 8th, 2011[10]
  • v1.3.0 — ???[10]
  • v1.0.1 — March 11th, 2010[10]
    • A new "Copy" feature lets you copy the currently displayed authentication code into your device's clipboard. You can then paste it into other text entry fields, such as when accessing Battle.net Account Management from your mobile.
    • Miscellaneous UI improvements
  • v1.0.0 — March 31st, 2009[10]

Originally released.

Android
  • v2.2.2 — March 27, 2017[2]
  • v2.2.1 — November 8, 2016[11]
  • v2.2.0 — June 15, 2016[12]
  • v2.0.4 — October 8, 2015[13]
  • v2.0.3 — September 30, 2015[14]
  • v2.0.2 — September 10, 2015[15]
  • v2.0.1 — September 9, 2015[16]
  • v1.1.3 — ?

Approve/deny login features[]

Starting with v2.2.1.
  • You can approve or deny login requests with a single tap.
  • You can approve or deny logins via Notifications
  • You can approve or deny login requests on your smart watch.

One-Button Authenticator[]

Icon-edit-22x22
Note: This is a generic section stub. You can help expand it by clicking Sprite-monaco-pencil Edit to the right of the section title.

May 6, 2014 update[]

An update was announced to occur around May 6, 2014 for the following:[17]

  • Full iOS 7 compatibility
  • iPhone 5/5s resolution update

Discontinued Java-based version[]

On November 10, 2011, Blizzard announced it would be discontinuing support for the Java-based (J2ME) versions[7] of the Battle.net Mobile Authenticator that were available for download at http://mobile.blizzard.com. Updates will no longer be provided after December 13, 2011.

Unsupported Mobile Devices[]

It is possible to install and use the mobile authenticator on many mobiles which are not officially listed as supported by Blizzard. Most mobile phones are capable of running the basic java authenticator application, information on installing the authenticator on unsupported devices can be found here.

Specification[]

Questionmark-medium This section concerns content that is potentially inaccurate. Reason: Is this still current?
Main article: Battle.net Mobile Authenticator Specification

The initialization of a Mobile Authenticator is done via an RSA encrypted request to Blizzards initialization servers including an one time pad key for encryption of the response. The server generates an 160-bit key which is later used for code generation and a serial number is connected to that key. Both things are stored on the server and are also sent back to the client (encrypted with the one time pad key from the request).

The code generation is done via encrypting the current time (milliseconds since 1970/01/01 0:00 UTC divided by 30,000) with HMAC-SHA1 using the key from the initialization. From the result are some bytes selected and displayed as current authenticator code.

Security Vulnerability[]

Because of a weak one time pad key generation algorithm on the client side, an attacker who is able to capture the encrypted initialization response between server and client device can fully compromise the security of the Battle.net Mobile Authenticator.[18] The reason is, that the one time pad key used for encryption of the server response only depends deterministic from the current time on the client device. Normally that time shouldn't differ too much from the common time. So an attacker only needs to guess some time values, calculate the corresponding one time pad keys, use them for decryption of the captured server response and check, whether one of the results make sense (because of the known format of the included serial number, it is easy to say, whether a result makes sense or not). If he finds such a result, it is very likely that he guessed the correct one time pad key and now knows the authenticator ID and the secret code calculation key from the decrypted response.

To prevent this attack even if there is no real randomness (e. g. hardware random generator) is available on the client device, there should be used aside from the current time also some kind of user generated randomness (pressing random buttons on the device, ...) for creating the one time pad key used for encryption of the initialization data.

Desktop ports[]

It is possible to re-implement the specification to run the Battle.net Mobile Authenticator also directly on the PC. It is difficult to say, whether this is less secure or not in comparison to running it on a real mobile device. Of cause an attacker could read out the necessarily stored secret code calculation key from the PC via a trojan and so breaks the security of such a PC authenticator. But with a trojan on the PC of the victim, the attacker could also read the typed authenticator code when the victim is logging into the game, interrupting the connection of the victim and using the current authenticator code by itself for immediate game login (maybe with a bot) while preventing further game logins of the victim via the trojan.

List of desktop ports with public source code availability:

It is also possible to run Blizzards implementation within a mobile phone emulator on the desktop.

An online version also exists* and is publicly available since November 2011. The source code of the PHP implementation are published, but this is not the case for the website. This kind of online application are less secure than a desktop port, but, as an advantage, you can retrieve your code from anywhere.

Media[]

Images[]

Notes[]

  • This application was announced on March 31st, 2009 on the US official forums and June 2nd, 2009 on the EU official forums.[19][20]
  • The Mobile Authenticator app was not available in mid to late September 2009 for some reason. Several blue posts stated this fact, but no reason was given.
  • All Android based phones can download and use the Mobile Authenticator app listed in the Android Market regardless of whether the phone is listed as being supported here.

References[]

  1. ^ 2. Re: iPhone Blizz Authenticator | 2009-08-26 07:38 by Orlyia
  2. ^ a b http://www.apkmirror.com/apk/blizzard-entertainment-inc/battle-net-mobile-authenticator/battle-net-mobile-authenticator-2-2-2-release/
  3. ^ Blizzard Entertainment 2012-01-09. New Languages for Battle.net Mobile Authenticator. Official World of Warcraft Community site (EU).
  4. ^ a b Battle.net Mobile Authenticator FAQ
  5. ^ Blizzard Entertainment 2011-07-07. Battle.net Mobile Authenticator for Windows® Phone 7 Devices. US.Battle.net.
       Blizzard Entertainment 2011-07-07. Battle.net Mobile Authenticator for Windows® Phone 7 Devices. EU.Battle.net.
  6. ^ Battle.net Mobile Authenticator. BlackBerry App World > Apps > Utilities > Utilities >. Retrieved on 2011-11-10.
  7. ^ a b Blizzard Entertainment 2011-11-10. Battle.net Mobile Authenticator – Java Version Support Update. Official World of Warcraft Community site (US).
       Blizzard Entertainment 2011-11-10. Battle.net Mobile Authenticator – Java Version Support Update. Official World of Warcraft Community site (EU).
  8. ^ Blizzard Entertainment 2016-06-16. Introducing the One-Button Authenticator. Heroes of the Storm official game site (US).
       Blizzard Entertainment 2016-06-16. Introducing the One-Button Authenticator. Heroes of the Storm official game site (EU).
  9. ^ a b c Blizzard Entertainment 2012-01-09. New Languages for Battle.net Mobile Authenticator. World of Warcraft official game site (EU).
  10. ^ a b c d MVP Sixen 2011-05-09. Remote App and Authenticator Release Notes. Official Website and Mobile Feedback > Mobile Bug Report forum (US).
  11. ^ http://www.apkmirror.com/apk/blizzard-entertainment-inc/battle-net-mobile-authenticator/battle-net-mobile-authenticator-2-2-1-release/battle-net-mobile-authenticator-2-2-1-android-apk-download/#whatsnew
  12. ^ http://www.apkmirror.com/apk/blizzard-entertainment-inc/battle-net-mobile-authenticator/battle-net-mobile-authenticator-2-2-0-release/battle-net-mobile-authenticator-2-2-0-android-apk-download/
  13. ^ http://www.apkmirror.com/apk/blizzard-entertainment-inc/battle-net-mobile-authenticator/battle-net-mobile-authenticator-2-0-4-release/battle-net-mobile-authenticator-2-2-1-android-apk-download/#whatsnew
  14. ^ http://www.apkmirror.com/apk/blizzard-entertainment-inc/battle-net-mobile-authenticator/battle-net-mobile-authenticator-2-0-3-release/battle-net-mobile-authenticator-2-2-1-android-apk-download/#whatsnew
  15. ^ http://www.apkmirror.com/apk/blizzard-entertainment-inc/battle-net-mobile-authenticator/battle-net-mobile-authenticator-2-0-2-release/battle-net-mobile-authenticator-2-2-1-android-apk-download/#whatsnew
  16. ^ http://www.apkmirror.com/apk/blizzard-entertainment-inc/battle-net-mobile-authenticator/battle-net-mobile-authenticator-2-0-1-release/battle-net-mobile-authenticator-2-2-1-android-apk-download/#whatsnew
  17. ^ Blizzard Entertainment Vrakthris 2014-05-06. [iOS] Authenticator update - Be Prepared!. Official Support > Customer Support forum (US).
  18. ^ Seclists.org: 2010/09/20: Battle.net Mobile Authenticator MITM Vulnerability
  19. ^ 0. Battle.net Mobile Authenticator Now Available | 2009-04-01 06:49 by Nethaera
  20. ^ 0. Mobile Authenticator Available In Europe! | 2009-06-02 19:12 by Ancilorn

See also[]

External links[]

Icon-time This section concerns content that is out-of-date. Reason: Some of the support links are probably slightly outdated.
US
EU
Other info
News
Old info
Advertisement