Researchers successfully bypass SMS-Based 2FA protections

Researchers successfully bypass SMS-Based 2FA protectionsIt has been suggested that using a 2FA system will help protect users against hackers. To a certain extent that is true because 2FA systems add an additional level of security with a one-time generated code that would be impossible to guess. However it seems that researchers working on behalf of the Iranian government might have found a way around it.

In a report from Certfa Lab (via ArsTechnica), the researchers were successful in bypassing SMS-based 2FA systems used by the likes of Yahoo Mail and Gmail. How this worked was the researchers used a phishing attack that first attempted to elicit the passwod of the user. In the event that the user had a 2FA system in place, they were redirected to a new page where the one-time generated password would be entered.

However that website is merely a front and that information is being stolen by the hacker in real-time, allowing them to quickly enter the password into the actual login page. Given that 2FA passwords expire after a set amount of time, this hack needs to be done in real-time in order for it to work.

That being said, this seems to only affect SMS-based 2FA systems and that 2FA apps don’t seem to be affected yet. According to a Certfa representative, “We’ve seen [it] tried to bypass 2fa for Google Authenticator, but we are not sure they’ve managed to do such a thing or not. For sure, we know hackers have bypassed 2fa via SMS.”

Source: Ubergizmo

Tags: break, security

Add comment

Your name:
Sign in with:
Your comment:

Enter code:

E-mail (not required)
E-mail will not be disclosed to the third party

Last news

Galaxy Note10 really is built around a 6.7-inch display
You may still be able to download your content
Facebook, Messenger and Instagram are all going away
Minimize apps to a floating, always-on-top bubble
Japan Display has been providing LCDs for the iPhone XR, the only LCD model in Apple’s 2018 line-up
The 2001 operating system has reached its lowest share level
The entire TSMC 5nm design infrastructure is available now from TSMC
The smartphone uses a Snapdragon 660 processor running Android 9 Pie
The Samsung Galaxy A5 (2017) Review
The evolution of the successful smartphone, now with a waterproof body and USB Type-C
February 7, 2017 / 2
Samsung Galaxy TabPro S - a tablet with the Windows-keyboard
The first Windows-tablet with the 12-inch display Super AMOLED
June 7, 2016 /
Keyboards for iOS
Ten iOS keyboards review
July 18, 2015 /
Samsung E1200 Mobile Phone Review
A cheap phone with a good screen
March 8, 2015 / 4
Creative Sound Blaster Z sound card review
Good sound for those who are not satisfied with the onboard solution
September 25, 2014 / 2
Samsung Galaxy Gear: Smartwatch at High Price
The first smartwatch from Samsung - almost a smartphone with a small body
December 19, 2013 /

News Archive



Do you use microSD card with your phone?
or leave your own version in comments (15)