[liberationtech] Time validation for 2-step verification codes

Richard Brooks rrb at g.clemson.edu
Wed Aug 27 08:44:56 PDT 2014


Botnet in the mobile (BITM), like Zeus in the mobile (ZITM),
usually gets around 2-step verification by tricking people
into installing malware on their Android that intercepts SMS.

Can also be done by tricking the system to SMS another device
(done lately to attack German banks).

On 08/27/2014 11:29 AM, Amin Sabeti wrote:
> Hi,
> 
> Recently, a bunch of Iranian journalists/activists have been targeted
> by Iranian hackers.
> 
> Some of them said their 2-step verification was active during the attack
> but the hacker could reuse the code that was sent by Google via SMS and passed
> 2-step verification!
> 
> I was wondering if some folks here know the validation time for the
> 2-step verification code that users receive through SMS, not the app.
> 
> Cheers,
> 
> Amin
> 
> 




