Hacking mobile login tokens tricky but doable, says reverse-engineer
I think I'm a clone now, there's always two of me just a-hangin' around Mobile apps that generate on-screen tokens for two-factor authentication can be examined and cloned by malware, a security researcher warns."