[liberationtech] Time validation for 2-step verification codes
Nima Fatemi
nima at riseup.net
Wed Aug 27 11:43:26 PDT 2014
Richard Brooks wrote:
> Botnet in the mobile (BITM) like Zeus in the mobile (ZITM)
> usually gets around 2-step verification by tricking people
> to install malware on their Android that intercepts SMS.
or you could buy the main telecom company in the country and intercept
every single sms... oh right, seems like IRGC took care of that back in
'09. </semi-trollish>
>
> Can also be done by tricking the system to SMS another device
> (done lately to attack German banks).
>
> On 08/27/2014 11:29 AM, Amin Sabeti wrote:
>> Hi,
>>
>> Recently, a bunch of Iranian journalists/activists have been targeted
>> by Iranian hackers.
What do you mean by Iranian hackers? Could you share the source or more
details with me off the list?
>> Some of them said their 2-step verification was active during the attack
>> but the hacker could reuse the code that was sent by Google via SMS and pass
>> 2-step verification!
SMS?! Really? They should be using the Google app, not the SMS!
#facepalm [1]
[1] https://upload.wikimedia.org/wikipedia/commons/3/3b/Paris_Tuileries_Garden_Facepalm_statue.jpg
>> I was wondering if some folks here know the validation time for the
>> 2-step verification code that users receive through SMS, not the app.
>>
>> Cheers,
>>
>> Amin
Stay safe!
--
Nima
0XC009DB191C92A77B | @nimaaa | mrphs
"I disapprove of what you say, but I will defend to the death your right
to say it" --Evelyn Beatrice Hall