A new tool has been released which implements MitM attacks against 2FA, including Protonmail.

zdnet.com/article/new-tool-aut

Forewarned is unflatlined, folks.

@drwho eh we all knew this was coming at some point.

@drwho I am interested in why U2F is not vulnerable. I guess I will need to dive into the specs.

@drwho I mean unless we're talking about 30s time-based codes. U2F is a single-use code if I am correct. But then, so are SMS codes, usually.

Humpf.

@drwho "Modlishka is inefficient against U2F-based schemes that rely on hardware security keys."

ProtonMail needs to support U2F!

@drwho "Duszyński said that while his tool can automate the process of a phishing site passing through 2FA checks based on SMS and one-time codes, Modlishka is inefficient against U2F-based schemes that rely on hardware security keys."

small comfort i guess?

@drwho This has been happening via email for some time now

This is why Google keeps changing their signin page every few months
