Cybercriminals can bypass two-factor authentication. In this article, we return to the topic and see what 2FA is and what it is for. Above all, we try to understand how cybercriminals bypass it and what defenses are available.
Two-factor authentication, 2FA, is a secure authentication method for computer systems and platforms. It consists of using two authentication methods instead of one.
For example, entering a password and then scanning your fingerprint.
It is often confused with two-step verification (2SV), which is different.
Two-factor authentication effectively protects accounts because it raises the level of security, making it more difficult for attackers and unauthorized users to gain access.
As explained in some previous articles, two-factor authentication (2FA) is based on the joint use of two particular methods (usually over two channels).
For example, when we access our current account and provide our UserID and password, we also use a one-time password (OTP).
An OTP is a code that can be used only once; it is created and sent to the user or generated through a token.
Cybercriminals, as we know, are always looking for some flaw to use to bypass the various controls. A new phishing technique exploits Microsoft Edge WebView2 applications to take possession of authentication cookies and allow attackers to log in to stolen accounts. This bypasses 2FA.
Of course, for cybercriminals, two-factor authentication is complicated to bypass and makes life difficult.
However, a researcher has created a new phishing method that allows an attacker to easily steal authentication credentials and log in to accounts that use 2FA.
As with all types of phishing attacks, the foundation is social engineering. The cybercriminal leads the poor victim to launch a WebView2 executable, which, once executed, opens a login page to a legitimate site within the same application.
The researcher specifies in his blog that WebView2 allows apps to integrate Web technologies such as HTML, JavaScript, and CSS as if they were browsers. This enables apps to load any site and make it appear to be open in Microsoft Edge.
WebView2 allows developers to access cookies directly and inject JavaScript into the loaded page.
Perhaps most dangerous is that the code accesses the Chrome User Data Folder (UDF), which contains all passwords, user bookmarks, and sessions. This way, it is possible to export site cookies upon authentication and send them to the attacker's server.
The attack successfully bypasses 2FA because the cookies are stolen after the user has passed it and remain valid until the end of the session.
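Because the stolen cookie stays valid after 2FA, one server-side countermeasure is to notice when a session cookie is presented by a different client than the one that passed 2FA. The following is an added example, not code from the researcher or the original article; the log format, field names and sample lines are constructed for illustration.

```python
import re
from typing import NamedTuple

# Constructed sample access log (assumed format): time, session id, IP, user agent, event.
SAMPLE_LOG = """\
2024-05-01T09:00:02Z sid=a1f3 ip=203.0.113.10 ua="Edge/124 Windows" event=2fa_ok
2024-05-01T09:00:40Z sid=a1f3 ip=203.0.113.10 ua="Edge/124 Windows" event=request
2024-05-01T09:03:11Z sid=a1f3 ip=198.51.100.77 ua="Chrome/123 Linux" event=request
2024-05-01T09:05:00Z sid=b77c ip=192.0.2.44 ua="Firefox/125 macOS" event=2fa_ok
2024-05-01T09:06:30Z sid=b77c ip=192.0.2.44 ua="Firefox/125 macOS" event=request
2024-05-01T09:07:00Z sid=c900 ip=198.51.100.77 ua="Chrome/123 Linux" event=request
"""

LINE_RE = re.compile(r'(\S+) sid=(\S+) ip=(\S+) ua="([^"]*)" event=(\S+)')


class Alert(NamedTuple):
    time: str
    sid: str
    reason: str


def find_replayed_sessions(log_text):
    """Flag requests whose session cookie is used outside the context that passed 2FA."""
    bound = {}   # sid -> (ip, ua) recorded at the moment 2FA succeeded
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        time, sid, ip, ua, event = m.groups()
        if event == "2fa_ok":
            bound[sid] = (ip, ua)  # a fresh 2FA pass (re)binds the session
        elif sid not in bound:
            # Cookie presented for a session that never passed 2FA in this log
            alerts.append(Alert(time, sid, "no 2FA seen for this session"))
        elif bound[sid] != (ip, ua):
            changed = [name for name, old, new
                       in zip(("ip", "ua"), bound[sid], (ip, ua)) if old != new]
            alerts.append(Alert(time, sid, "changed: " + ",".join(changed)))
    return alerts


if __name__ == "__main__":
    for alert in find_replayed_sessions(SAMPLE_LOG):
        print(alert)
```

IP addresses and user agents also change for legitimate reasons, so an alert like this is better used to trigger a new 2FA challenge than to block the user outright.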
As explained several times, always be wary if you are not 100% sure of what you have received via e-mail, text message, or social media. Before opening any attachment or clicking on a link, find out more by researching it on the internet.
If you have clicked on the link by mistake, check the URL of the site (the address in the browser) and check that the content is written correctly. Always keep your operating system updated with Windows Update, and install an antivirus and keep it updated.