Chinese hackers can bypass intrusive two-factor authentication

Two-factor authentication (2FA) is one of the latest and most secure systems for protecting Internet user credentials, widely used by big industry names from PlayStation to Facebook and Google. However, a new report may put this protection to the test.

According to the Gizmochina website, a Chinese hacker group known as APT20 has been able to break into systems protected by the 2FA verification method and, even worse, has been able to replicate the attack against similar systems used by other companies.

Two-factor authentication basically creates another layer of security between users and access to their platform of choice, and many people already use it without knowing: think about the last time you tried to log in to your Google account and were asked, in addition to your username and password, for a code sent by text message to your mobile phone. This is one form of 2FA. Other platforms, such as Microsoft and Facebook, in addition to the aforementioned Google, have a random code generator whose code changes after a certain period of time.

Safe user identification method has been circumvented by Chinese hackers

Technically, the group drew on a modified key from the RSA SecurID security software, a protocol on which the 2FA method is built, to circumvent the checks that confirm the user actually is the person trying to log in to a platform. The key in question was an original token, modified by the group, and it proved capable of misleading several platforms: in practical terms, the group made the system accept the key they used as valid.

So far, there is no workaround or prevention method for this exploit, which effectively makes the 2FA method vulnerable to attack. The concern is most evident for Chinese citizens, since there are already indications that APT20 has links with the country's government.

Which platforms were affected has not been disclosed, but the group seems to be focusing on virtual private network (VPN) companies, which commonly rely on two-factor authentication to allow their users to log in, especially foreign users who want to circumvent the internet restrictions imposed by China's national security policy.

Source: Gizmochina
