› Forums › Security › Announcement (Security) › Data over sound powered authenticator
Tagged: Product_A14, SecureElement_H11, Security_S12, UseCase_G14
- This topic is empty.
-
AuthorPosts
-
-
April 1, 2020 at 6:08 am #41410
#Announcement(Security) [ via IoTGroup ]
#Product #Organizer : Trillbit
Headings…
Data over sound powered authenticatorAuto extracted Text……
A few months back, Jack Dorcey’s twitter account was hacked (Link).
A way to protect against such attacks is to use an authenticator app like Google Authenticator and Authy.
The recent news that malware can steal authentication codes from these apps changes that (Link).
So how can the data over sound help in the dangerous world of sim jacking, man in the middle attack, and malware hacking authenticators?
Once this sim swap is complete, they get access to all your 2FA SMS codes and can gain access to any of your accounts, including your bank accounts.
A cybercriminal can trick you into visiting a fake website, and once you enter your 2FA credentials there, they can gain access to your account.
How does Google / Authy authenticator work?
Authenticator apps such as Google Authenticator & Authy are an alternative to SMS for 2-Step verification.
You need to install the app, which generates 6-8 digit codes.
When logging into a site supporting Authenticator third-party applications such as password managers, users must enter the generated code into along with the usual login details.
While navigating to the authenticator app and typing it is painful, it was assumed to be safer than SMS, until Now. Recently malwares have gained the ability to extract and steal one-time passcodes (OTP) generated through Google Authenticator.
Though it is still safer than SMS 2FA, malwares expose a critical threat.
How can data over sound solution from Trillbit better?
Here is how authentication using the internet of sound works.
When you try to login to a Trillbit enabled site or using Trillbit’s chrome plugin, a unique inaudible code (256-bit encrypted code) is played by your phone.
Your webpage/chrome plugin hears it decodes the authentication code and lets you log in.
No typing: Trillbit solution does not require the user to look in the authenticator and manually type in the code.
Immune to social hacking where the users are duped into revealing their codes over phones
Read More..
AutoTextExtraction by Working BoT using SmartNews 1.02976805238 Build 26 Aug 2019
-
-
AuthorPosts
- You must be logged in to reply to this topic.