Two-factor authentication increases the security of your accounts, but according to a new report by Check Point Software Technologies, there may be risks. The Browser-in-the-Middle (BitM) attack can make your accounts vulnerable.
A security risk for two-factor authentication too
Two-factor authentication allows you to unlock an online account only after verifying your identity in two ways. For example, after entering an ID or password, you also need to confirm through SMS, app, email or OTP. It is a much safer way to keep your files.
But Check Point Software Technologies revealed that some hackers have found a way around this double protection in some cases. This is the Browser-in-the-Middle (BitM) attack, unveiled last year by some Italian researchers.
The security agency’s announcement comes after the discovery of the first malicious hacker who uses this technology: mr.d0x. We move from theory to practice: an attack that can compromise personal data.
David Gubiani, Regional Director Security Engineering Southern Europe
David Gubiani, Check Point Software Technologies’ Regional Director SE EMEA Southern, explains how concerning this type of attack is. “This new type of attack is worrying. The BitM, Browser-in-the-Middle attack is potentially devastating because it offers hackers a wide range of actions that can be used to the detriment of an unsuspecting user.”
A “potentially devastating” attack
Gubiani explains that “Its main feature is that there is no need to install malware on users’ devices to access sensitive accounts. We can define the BitM attack as the evolution of the Man-in-the-Middle (MitM), one of the best known and most worrying attacks in cybersecurity.”
An attack of this type can occur through phishing or smishing (phishing via SMS). The first security measure, therefore, is to check the authenticity of the messages. For example, if you have doubts about an SMS sent by your bank, you can call the bank to ask for confirmation. But in general, the advice is not to “use the link provided in the email or SMS, but to connect directly to the sites of their accounts.”