Tag Archive for: twofactor

Android 15 Could Offer a Boost to Two-Factor Authentication Security to Keep User Data Safe: Report


Android 15 is still under development, but on Friday, February 16, Google released the first Developer Preview of the upcoming operating system. The tech giant said that the new Android software will largely focus on security, and a new report claims to have found three new ways it will make your smartphone and your sensitive data more secure. According to it, Android 15 will be able to better protect the notifications that arise from two-factor authentications (2FA) so that a malicious app or malware cannot access it to steal user data.

According to a report by Android Authority’s Mishaal Rahman, Android 15 will be implementing new ways to cover the gaps left behind by its predecessors. Currently, most two-factor authentication methods for social media profiles, emails, and banking apps use SMS to send a one-time password (OTP). However, there is a risk if a malicious third-party app can read this notification and use it to hack into sensitive data or get into your banking apps and steal money.

To reduce the risk, Google has already begun placing strings of codes in the current edition of the OS. The report found a line of code in the Android 14 QPR3 Beta 1 update that mentions a new permission named RECEIVE_SENSITIVE_NOTIFICATIONS. This permission comes with a higher protection level and can only be given to apps that Google personally verifies. The exact role of this permission is not known but given its naming, it appears to deal with a special category of notifications that will not be accessible for third-party apps to read.

The report highlights that it is likely aimed at 2FA-related notifications. The belief comes from a separate string of code found by Rahman, which points to an under-development platform feature, to which the permission is tied. The feature is named NotificationListenerService and it is an API that lets apps read or take action on notifications. A general use case would be how many apps ask for access to notifications to auto-fill OTP when creating a new account. However, once this API becomes active (it isn’t in the Android 14 build), this will get more difficult.

This API will require the user to enter Settings and then manually grant permission to apps…

Source…

NCC urges adoption of two-factor authentication to protect telegram accounts against attack – The Sun Nigeria


From Adanna Nnamani, Abuja

The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has advised users to adopt two-factor authentication to protect their Telegram accounts and to avoid downloading unauthorized Advanced IP Scanner Software.

This, the  NCC says is in response to the discovery of a new attack that compromises victims’ VPN (Virtual Private Network) accounts to compromise messaging app, Telegram.

According to a statement from the Commission, Ukrainian cyber experts discovered the attack, which uses Vidar Malware (Vidar Stealer) to steal Telegram session data, which in the absence of configured two-factor authentication and a passcode, allows unauthorized access to the victim’s telegram account and corporate account or network.

“The malware, which exploits unauthorized access to users’ Telegram accounts and corporate accounts to steal data, targets platforms across iOS, Android, Linux, Mac and Windows Operating Systems.

“The Ukrainian CERT alleged that a Somnia Ransomware was created to be used on Telegram that tricks users to download an installer that mimics ‘Advanced IP Scanner’ software, which contains Vidar Malware. The installer infects the system with the Vidar stealer, which steals the victim’s Telegram session data to take control of their account.

“The threat actors abuse the victim’s Telegram account in some unspecified manner to steal VPN connection data (authentication and certificates). If the VPN account is not protected by two-factor authentication passcode, the hackers use it to gain unauthorized access to the victim’s employer’s corporate network”, the alert and advisory states.

“Once inside, the intruders conduct reconnaissance work using tools like Netscan, Rclone, Anydesk, and Ngrok, to perform various surveillance and remote access activities, and then deploy a Cobalt Strike beacon, exfiltrating data using the Rclone program,” the report stated.

“The CSIRT is the telecom sector’s cyber security incidence centre set up by the NCC to focus on incidents in the telecom sector and as they may affect telecom consumers and citizens at large. The CSIRT also works collaboratively with…

Source…

New Methods Could Improve Security Of Two-Factor Authentication Systems


artist

When utilized as second-factor authentication, push notifications work as an additional layer of security to protect users’ online accounts from attackers.


Getty Images

 

As an extra layer of security, several online services have adopted push notification-based two-factor authentication systems, whereby users must approve login attempts through a mobile device. In current authentication systems, especially the “tap to approve” approach, there is no explicit link that indicates correspondence between the user’s browser session and the notification they receive on their device. This vulnerability can be exploited by an attacker.

To address this issue, a team of researchers that includes Nitesh Saxena, professor in the Department of Computer Science and Engineering at Texas A&M University, has designed new, easy-to-use methods to counter the vulnerabilities in push notification-based two-factor authentication systems.

“The mechanisms we designed have a similar usability to the original push notification-based authentication method, but they improve security against concurrent login attacks,” said Saxena. “If a user receives two notifications, the notification that corresponds to the browser’s session of the attacker will differ. Therefore, the user should be able to detect that something is amiss and not accept the wrong notification.”

The team’s paper describing the research was published in the proceedings from the 2021 Institute of Electrical and Electronics Engineers’ European Symposium on Security and Privacy (EuroS&P), one of the premier venues for cutting-edge cybersecurity research.

Push notifications are clickable pop-up messages sent directly to a user’s mobile or desktop device via an installed application. They can appear at any time and show various things such as the weather, breaking news, missed calls or text messages, reminders, etc.

They can also be utilized as second-factor authentication (or password-less authentication), which works as an additional layer of security to protect users’ online accounts from attackers. With push notification authentication, a push notification is sent directly to a mobile device —…

Source…

Hacking toolkits to bypass two-factor authentication actively selling on Dark Web






Two-factor authentication has become a must for online presence these days. We see every digital platform touting it as the most important security step for your account. While the claim might put you at peace, know that there are established ways of getting around this security wall. Even more concerning is the fact that there is little to nothing that you can do to prevent these hacks.

The reason why two-factor authentication is hailed as the epitome of online security is that it employs two different levels of security codes. One is the password that you have set for your account, while the other is the randomly generated code that you receive (through text or code generators) right at the time of login (or whenever required). Since it is only possible for you to know the random code, your account is presumably safe even if your password is compromised.

But hackers have found several ways over time to bypass this seemingly foolproof system. Initially, these ways relied on simple voice phishing to get the random code out of the account holder by duping him/ her on some pretext. Now, these attempts at hacking 2FA have become more sophisticated.

A new study points out that they are also becoming increasingly common in the hacker community.

Research conducted by researchers from Stony Brook University and cybersecurity firm Palo Alto Networks has found numerous “phishing toolkits” that can be used to hack 2FA setups. First spotted by The Record, the study also mentions that these toolkits are actively being sold on the dark web, to anyone wanting to hack an account using it.

Bypassing Two-Factor Authentication

As noted in the study, researchers have managed to find over 1,200 phishing toolkits online. These toolkits contain malicious codes that enable a hacker to launch sophisticated cyber attacks on a target. These attacks are specifically meant to steal 2FA authentication cookies from a system, thus allowing a hacker to bypass 2FA security.

This is done through what is called Man-in-the-Middle (MITM) attacks, wherein a hacker is able to redirect the traffic from a victim’s computer through a phishing site that employs a reverse proxy server. The attacks thus…

Source…