We’ve seen reports that Chinese hackers have figured out a way to bypass two-factor authentication. Obviously, this is concerning. Reported via Information Age, the article dives into how one cybersecurity firm believes it was done.
A Chinese government-backed hacking group has found a new way to bypass two-factor authentication, according to a new report.
The report by Dutch cybersecurity firm Fox-IT attributes a range of cyber attacks on government entities and managed service providers to APT20, a hacking group linked to the Chinese government that has been on the radar for nearly 10 years.
The report tracks the attacks of the group over the last two years and details the method behind them.
Read the rest of the article on Information Age
This is pretty scary and just shows that the different types of 2FA implementation have varying degrees of security. SMS text and phishing have always been the most vulnerable, but now it looks as though the RSA ID token software is also not trustworthy. I'm sure that this specific vulnerability in the software can be patched, but who knows how long before it’s compromised again? Many high-profile accounts and databases rely on the integrity and security of 2FA token-generating apps, so this is a serious issue for RSA to address.
For the time being, Tyler recommends avoiding the RSAid token app until there’s a solution.
As a reminder, we recommend using:
- Google Authenticator
- Microsoft Authenticator
- LastPass Authenticator
- Authy Two-Factor Authenticator
More information about how to set up Webroot 2FA here.