20 June 2016
Hackers around the world are now on a spree, having successfully found a way around two-factor authentication (also known as 2FA).
Two-factor authentication is a type of data security in which a second level of proof is needed to grant access to data. It is the most trusted method of securing your accounts, and works by combining two different components.
Usually, a text containing a code is sent to your phone. This type of security is typically used by banks.
Some wise hackers and account hijackers have begun to find a way around this by disguising themselves as the companies themselves and sending the verification.
Alex MacCaw, co-founder of the data API company Clearbit, was one of the first people to share this breakthrough by hackers, posting a screenshot of a text attempting to trick its way past the 2FA on a Google account.
The trick involves:
The attacker sends the target a text message, pretending to be the very company that the target has an account with.
The message says that “suspicious” activity has been detected on the account, and that a 2FA code is therefore being sent to the target, who should text it back to avoid having the account locked.
The victim, worried they are being hacked and not wanting to lose access to their data, sends the code back, believing they have thwarted the attempted hack.
But in doing so, they actually give the hacker the one thing they needed to break into the account.
The hacker enters the victim’s password, followed by this ill-gotten 2FA code, and they’re in.
Hackers go further to make the attempt look real by spoofing their identity, so the text looks like it’s coming from the company rather than from an unknown number.
To be on the safe side, one would do well to scrutinise every message sent to one’s phone, especially any that asks for a verification code to be texted back.
Author: Ekpeki Donald Pen Prince
Ekpeki Chovwe Donald, styled the PenPrince, is a writer and lawyer in equity. He has an unhealthy interest in wit, pun and poetry. When he’s not writing, he’s reading, and when he’s not reading, he’s breathing. He breathes words.