Two-factor authentication is one of the most relevant measures we can take when it comes to data protection. With it, a second confirmation is required in addition to the password at login. However, that does not mean it is impenetrable. New research shows how a group of hackers created malware capable of bypassing this security method.
The research was published by the security company Check Point and compiles a series of tools used by a group of Iranian hackers to access their victims’ devices. While the exact identity of this group is not known, the researchers believe it is associated with the country’s government, because it targets different minority groups opposed to the government. Among these malicious tools, the one that allows bypassing 2FA is particularly relevant. In February, another similar piece of malware appeared, which gained access to Google’s two-factor authentication app.
Backdoor and SMS forwarding
As detailed in the report, the malware is designed for Android devices and creates a backdoor on the phone. Once it is on a victim’s device, the hackers could obtain the contact list and the SMS messages sent and received, make recordings with the microphone without authorization, and open fake web pages.
With this level of control over the device, the group can bypass two-factor authentication relatively easily. Generally speaking, two-step authentication sends an SMS to the user when they log in, and they must enter the code from this SMS to complete the login. The code is sent to a phone number that the user has previously specified. This is a decent measure to prevent unauthorized logins, but it is not the most effective of all, as it has been shown time and time again that SMS can be intercepted.
What the malware found by Check Point appears to do is automatically detect and forward two-factor verification SMS messages, for example those from Google that start with “G-” or some from Telegram and other social networks. It also opens phishing web pages for victims, making them believe they are on a trustworthy website. With the latter, the attackers obtain more credentials without the victim knowing.
In this case, it seems that a specific group of users (opponents of the Iranian regime) has been targeted, but it shows that no security method is invulnerable. Researchers say they found the malware in a Swedish app that taught Persian speakers about driving laws in Sweden so they could get a driver’s license.
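The capabilities described above (SMS, contacts, microphone) all depend on permissions an Android app must declare in its manifest, so a defender can triage an app by checking what it requests. The following is an added example, not code from Check Point or the original article; it assumes the manifest has already been decoded to text XML, and the sample manifests and package names are constructed.

```python
import xml.etree.ElementTree as ET  # for untrusted files, prefer the defusedxml package

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Capabilities the article attributes to the backdoor, mapped to the Android
# permissions an app has to declare to get them.
CAPABILITIES = {
    "read incoming/stored SMS": {P + "RECEIVE_SMS", P + "READ_SMS"},
    "send SMS": {P + "SEND_SMS"},
    "read contact list": {P + "READ_CONTACTS"},
    "record from microphone": {P + "RECORD_AUDIO"},
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names

def triage(manifest_xml):
    """Report requested capabilities and whether the app could relay SMS codes."""
    perms = requested_permissions(manifest_xml)
    found = {cap: sorted(perms & need) for cap, need in CAPABILITIES.items() if perms & need}
    can_read = "read incoming/stored SMS" in found
    can_relay = "send SMS" in found or P + "INTERNET" in perms
    return {"capabilities": found, "can_forward_sms_codes": can_read and can_relay}

# Constructed sample manifests (not taken from any real app).
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.drivingtheory">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
</manifest>"""
BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.quiz">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    for label, xml_text in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, triage(xml_text))
```

A theory-test app has no functional need for SMS or microphone access, so a hit like this is a reason to inspect the app further, not proof of malice.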
As bad as it sounds, the truth is that two-factor authentication is still a great way to protect data and logins. What is not so good is using SMS as the second factor: there are better options, such as temporary codes in authenticator apps, physical tokens, or confirmation from a paired device. And, of course, activate it wherever possible.
Source: Engadget