If you have so far thought that two-factor authentication was the safest way to protect your data, you’re wrong. Three Italian researchers have recently shown that the system can be hacked without too much effort. Let’s find out how.
Two-factor authentication: three Italian researchers reveal how to hack the system
Franco Tommasi, Christian Catalano and Ivan Taurino recently developed an attack capable of bypassing the two-factor authentication system. The experiment worries cybersecurity experts considerably, especially given that this system is considered one of the safest at the moment. But how does the attack developed by the Italian researchers really work? It starts from a phishing attempt that leads users to an authentic, not a bogus, destination site. That is why the researchers called it the “Browser-in-the-Middle (BitM) attack”.
The experiment demonstrated that it is possible to make users view an intermediary browser that looks exactly identical to the one they usually use. “The method is based on the same protocol used to control the screen of a remote computer. In our case, the victim views the attacker’s screen, a full-screen web browser that is actually ‘visiting’ the authentic site. The victim thus interacts with the attacker’s computer without realizing it, believing he is visiting the authentic site.” This is how Tommasi explains the way the two-factor authentication system is bypassed. He adds: “Unfortunately this is a difficult attack to block and the only effective countermeasure is to prevent phishing, but no matter how hard you try there will always be someone who falls for it.”