
Cyber Criminals Bypass Two-Factor Authentication

Cybercriminals can bypass two-factor authentication. In this article, we return to the topic and see what 2FA is and what it is for. Above all, we try to understand how cybercriminals bypass it and what solutions are available to defend against it.

Two-Factor Authentication: What It Is And What It Is For

Two-factor authentication, 2FA, is a secure authentication method for computer systems and platforms. It consists of using two authentication methods instead of one.

For example, entering a password and scanning a fingerprint.

It is often confused with two-step verification (2SV), which is different.

Two-factor authentication effectively protects accounts because it raises the level of security, making it more difficult for attackers and unauthorized users to gain access.

Two-Factor Authentication: How It Works

As explained in some previous articles, two-factor authentication (2FA) is based on the joint use of two particular methods (usually over two channels).

For example, when we access our current account and provide our user ID and password, we also use a one-time password (OTP).

This is a code that can be used only once; it is created and sent to the user or generated through a token.

Cybercriminals: A New Technique To Bypass 2FA

Cybercriminals, as we know, are always looking for some flaw to use to bypass the various controls. A new phishing technique exploits Microsoft Edge WebView2 applications to steal authentication cookies and allow attackers to log in to stolen accounts. This bypasses 2FA.

Two-factor authentication is, of course, complicated for cybercriminals to bypass and makes their lives difficult.

However, a researcher has created a new phishing method that allows an attacker to easily steal authentication credentials and log in to accounts that use 2FA.

Microsoft Edge WebView2 To Access Stolen Accounts

As with all types of phishing attacks, the foundation is social engineering. The cybercriminal leads the victim to launch an executable, a WebView2 application, which, once executed, opens a login page to a legitimate site within the same application.

The researcher specifies in his blog that WebView2 allows applications to integrate web technologies such as HTML, JavaScript, and CSS, as if they were browsers. This technique enables apps to load any site and make it appear to be open in Microsoft Edge.

WebView2 allows developers to access cookies directly and inject JavaScript into the loaded page.

Perhaps the most dangerous aspect is that the code accesses the Chrome User Data Folder (UDF), which contains all passwords, user bookmarks, and sessions. This way, it is possible to export site cookies upon authentication and send them to the attacking server.

The attack successfully bypasses 2FA because the cookies are stolen after the user has passed it and remain valid until the end of the session.

How Do We Defend Ourselves Against This Type Of Attack?

As explained several times, always be wary if you are not 100% sure of what you have received via e-mail, text message, or social media. Before opening any attachment or clicking on a link, find out by researching on the internet.

If you have clicked on the link by mistake, check the URL of the site (the address in the browser). Check whether the content is written correctly, always keep your operating system updated with Windows Update, and install an antivirus and keep it updated.
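On the service side, the point made above (a cookie stolen after 2FA stays valid for the whole session) can be countered by binding the session to the client context seen at login and revoking it when the cookie later arrives from a different context. The sketch below is an added example, not code from the original article or the researcher; the log format, field names and fingerprint (IPv4 /24 network plus User-Agent) are assumptions made for illustration.

```python
import hashlib
import ipaddress
import re

# Constructed sample events (documentation IP ranges, made-up session ids).
SAMPLE_LOG = """\
2024-05-01T09:00:02Z sid=a1f3 ip=203.0.113.10 ua="Edg/124 Windows" event=login_2fa_ok
2024-05-01T09:01:15Z sid=a1f3 ip=203.0.113.44 ua="Edg/124 Windows" event=request
2024-05-01T09:03:40Z sid=a1f3 ip=198.51.100.7 ua="python-requests/2.31" event=request
2024-05-01T09:04:01Z sid=a1f3 ip=203.0.113.10 ua="Edg/124 Windows" event=request
2024-05-01T09:05:00Z sid=9c2e ip=192.0.2.5 ua="Firefox/125 Linux" event=request
"""

LINE = re.compile(
    r'(?P<ts>\S+) sid=(?P<sid>\S+) ip=(?P<ip>\S+) ua="(?P<ua>[^"]*)" event=(?P<event>\S+)'
)

def fingerprint(ip, ua):
    """Coarse client context (assumption): /24 network plus User-Agent, hashed."""
    net = ipaddress.ip_network(f"{ip}/24", strict=False)
    return hashlib.sha256(f"{net}|{ua}".encode()).hexdigest()

def review_sessions(log_text):
    """Return (timestamp, sid, verdict) for every request that must not be served."""
    bound = {}       # sid -> fingerprint recorded when 2FA completed
    revoked = set()  # sids killed after a context change
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # ignore lines that are not in the expected format
        sid, fp = m["sid"], fingerprint(m["ip"], m["ua"])
        if m["event"] == "login_2fa_ok":
            bound[sid] = fp          # a fresh 2FA login (re)binds the session
            revoked.discard(sid)
        elif sid in revoked:
            findings.append((m["ts"], sid, "revoked"))
        elif sid not in bound:
            findings.append((m["ts"], sid, "unknown_session"))
        elif bound[sid] != fp:
            revoked.add(sid)         # same cookie, different client: force re-auth
            findings.append((m["ts"], sid, "context_changed"))
    return findings

if __name__ == "__main__":
    for finding in review_sessions(SAMPLE_LOG):
        print(*finding)
```

A fingerprint this coarse also forces a new login on legitimate users who change networks, and it does not stop a replay that arrives with the same network range and User-Agent, so it complements short session lifetimes rather than replacing them.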


Tech Rushs