
Hacking toolkits to bypass two-factor authentication actively selling on Dark Web

India Today, 29-12-2021, Sarthak Dogra

Two-factor authentication has become a must for an online presence these days. Every digital platform touts it as the most important security step for your account. While that claim might put you at ease, know that there are established ways of getting around this security wall. Even more concerning is the fact that there is little to nothing you can do to prevent these hacks.

The reason two-factor authentication is hailed as the epitome of online security is that it employs two different levels of security codes. One is the password you have set for your account; the other is a randomly generated code that you receive (through a text message or a code-generator app) at the time of login (or whenever else it is required). Since only you can know the random code, your account is presumably safe even if your password is compromised.

But hackers have found several ways over time to bypass this seemingly foolproof system. Initially, these relied on simple voice phishing to get the random code out of the account holder by duping him or her on some pretext. Now, these attempts at hacking 2FA have become more sophisticated.

A new study points out that they are also becoming increasingly common in the hacker community.

Research conducted by researchers from Stony Brook University and cybersecurity firm Palo Alto Networks has found numerous "phishing toolkits" that can be used to hack 2FA setups. First spotted by The Record, the study also mentions that these toolkits are actively being sold on the dark web to anyone who wants to use them to hack an account.

Bypassing Two-Factor Authentication

As noted in the study, the researchers managed to find over 1,200 phishing toolkits online. These toolkits contain malicious code that enables a hacker to launch sophisticated cyber attacks on a target. The attacks are specifically meant to steal 2FA authentication cookies from a system, thus allowing the hacker to bypass 2FA security.

This is done through what are called Man-in-the-Middle (MITM) attacks, wherein a hacker redirects the traffic from a victim's computer through a phishing site that employs a reverse proxy server. The attack thus establishes a channel between the target system and the website in which the hacker sits right in the middle, watching all the information that flows through.

As the victim submits the 2FA code to the intended website, it flows via the phishing site. Once authentication is completed, "the session cookie provided by the target web server is saved by the MITM phishing toolkit," the study notes. The attackers are thus able to send authenticated requests "in the name of the victim to the website" in the future and access their accounts.

Unfortunately, while using 2FA is easy, there is little that an average Internet user can do to prevent such attacks on it. The research mentions that these toolkits will have to be identified at a network level and the phishing websites will have to be blocklisted by all the major digital service providers. The researchers also created a fingerprinting tool, called PHOCA, to automatically detect MITM phishing toolkits on the web. To help tackle attacks from such toolkits, the researchers have open-sourced PHOCA and their curated datasets.
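The relay described above, modelled as an added illustration (this is not code from the study or from PHOCA): the phishing proxy forwards the victim's password and one-time code to the real site and records the session cookie that comes back, and that bearer cookie then works for the attacker from anywhere. For comparison, the same model also shows a login whose response is bound to the origin the browser is actually connected to, which the real site rejects when it arrives via the lookalike origin; that is the property phishing-resistant authenticators such as FIDO2/WebAuthn provide, a mitigation the article itself does not discuss. Origins, credentials and the HMAC-based "signature" are constructed stand-ins.

```python
"""Toy model of the reverse-proxy MITM flow: the phishing site forwards the
victim's password and one-time code to the real site and keeps the session
cookie the real site returns. Constructed example; no network I/O."""
import hashlib, hmac, secrets

REAL_ORIGIN = "https://bank.example"         # constructed
PHISH_ORIGIN = "https://bank-login.example"  # constructed lookalike

class RealSite:
    def __init__(self):
        self.sessions = {}
        self.user_key = secrets.token_bytes(32)  # stands in for a per-user signing key

    def login(self, password, otp):
        if password == "hunter2" and otp == "123456":  # constructed credentials
            cookie = secrets.token_hex(16)
            self.sessions[cookie] = "victim"
            return cookie
        return None

    def whoami(self, cookie):
        # A bearer cookie proves nothing about who sends it: any holder is "victim".
        return self.sessions.get(cookie)

    def verify(self, challenge, mac):
        # Accept only a response computed over the server's own origin; the
        # origin is part of what is signed, so the proxy cannot rewrite it.
        expected = browser_sign(self.user_key, challenge, REAL_ORIGIN)
        return hmac.compare_digest(expected, mac)

def browser_sign(key, challenge, origin):
    # The browser binds the response to the origin it is actually connected to.
    return hmac.new(key, f"{challenge}|{origin}".encode(), hashlib.sha256).hexdigest()

def relayed_login(site, captured):
    # Victim enters password and OTP on the phishing page; the proxy forwards
    # them unchanged and saves the session cookie the real site returns.
    cookie = site.login("hunter2", "123456")
    captured["cookie"] = cookie
    return cookie

def attacker_replays(site, captured):
    return site.whoami(captured["cookie"])  # "victim": cookie works from anywhere

def origin_bound_login(site, browser_origin):
    # Same relay, but the response is bound to the origin the browser sees.
    challenge = secrets.token_hex(16)
    return site.verify(challenge, browser_sign(site.user_key, challenge, browser_origin))
```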
