Attacker circumventing 2FA. How to defend?

Not all two-factor authentication schemes are the same. Some forms of 2FA, such as sending you a text message, are not secure against this attack. Other forms of 2FA, such as FIDO U2F, are secure against this attack -- they have been deliberately designed with this kind of attack in mind.

FIDO U2F provides two defenses against the man-in-the-middle attack:

  1. Registration - The user registers their U2F device with a particular website ("origin"), such as google.com. Then the U2F device will only respond to authentication requests from a registered origin; if the user is tricked into visiting goog1e.com (a phishing site), then the U2F won't respond to the request, since it can see that it is coming from a site that it hasn't been previously registered with.

  2. Channel ID and origin binding - U2F uses the TLS Channel ID extension to prevent man-in-the-middle attacks and enable the U2F device to verify that it is talking to the same website that the user is visiting in their web browser. Also, the U2F device knows what origin it thinks it is talking to, and its signed authentication response includes a signature over the origin it thinks it is talking to. This is checked by the server. So, if the user is on goog1e.com and that page requests a U2F authentication, the response from the U2F device indicates that its response is only good for communication with goog1e.com -- if the attacker tries to relay this response to google.com, Google can notice that something has gone wrong, as the wrong domain name is present in the signed data.

Both of these features involve integration between the U2F two-factor authentication device and the user's browser. This integration allows the device to know what domain name (origin) the browser is visiting, and that allows the device to detect or prevent phishing and man-in-the-middle attacks.

Further reading on this mechanism:

  • An excerpt from the FIDO U2F spec, regarding defenses against MITM attacks.

  • Yubico's explanation of the protocol flows.
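The origin-binding check described above, as an added illustration that is not part of this answer or of any FIDO implementation: the browser-built client data and the appId hash both go into the signed input, so a response produced on goog1e.com fails verification at google.com whether or not the relay rewrites the client data. The signed layout follows the U2F authentication response, but an HMAC with a constructed key stands in for the device's ECDSA signature so the block runs on the standard library alone; the challenge value and origins are constructed.

```python
import hashlib
import hmac
import json
import struct

# Constructed stand-in: an HMAC over the U2F signing input replaces the device's
# ECDSA signature so this runs on the standard library alone. Signed layout:
#   SHA-256(appId) || user-presence byte || 4-byte counter || SHA-256(clientData)
DEVICE_KEY = b"constructed-key-shared-at-registration"

def client_data(origin: str, challenge: str) -> bytes:
    # Built by the browser: a page cannot claim an origin other than its own.
    return json.dumps({"typ": "navigator.id.getAssertion", "challenge": challenge,
                       "origin": origin}, sort_keys=True).encode()

def signing_input(app_id: str, counter: int, cdata: bytes) -> bytes:
    return (hashlib.sha256(app_id.encode()).digest() + b"\x01"
            + struct.pack(">I", counter) + hashlib.sha256(cdata).digest())

def device_sign(app_id: str, cdata: bytes, counter: int = 1) -> dict:
    # The browser passes the origin it is on as appId; the device signs over it.
    sig = hmac.new(DEVICE_KEY, signing_input(app_id, counter, cdata), hashlib.sha256)
    return {"clientData": cdata, "counter": counter, "signature": sig.digest()}

def server_verify(my_origin: str, issued_challenge: str, resp: dict) -> bool:
    cd = json.loads(resp["clientData"])
    # Origin binding: the browser-reported origin and challenge must be ours.
    if cd.get("origin") != my_origin or cd.get("challenge") != issued_challenge:
        return False
    # Recompute the signed input with OUR origin as appId and check the signature.
    expected = hmac.new(DEVICE_KEY, signing_input(my_origin, resp["counter"],
                                                  resp["clientData"]), hashlib.sha256)
    return hmac.compare_digest(expected.digest(), resp["signature"])

def legitimate_login(challenge: str = "c0ffee") -> bool:
    cdata = client_data("https://google.com", challenge)
    return server_verify("https://google.com", challenge,
                         device_sign("https://google.com", cdata))

def relayed_login(challenge: str = "c0ffee", rewrite_client_data: bool = False) -> bool:
    # A phishing page on goog1e.com forwards google.com's challenge, but the browser
    # tells the device the real origin, so the response is bound to goog1e.com.
    cdata = client_data("https://goog1e.com", challenge)
    resp = device_sign("https://goog1e.com", cdata)
    if rewrite_client_data:
        # Patching clientData to claim google.com does not help: the appId hash
        # and the clientData hash inside the signature no longer match.
        resp["clientData"] = client_data("https://google.com", challenge)
    return server_verify("https://google.com", challenge, resp)
```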


Out of band 2FA is the correct approach. This means that you have a second factor that can't be phished, like a client cert or FIDO U2F. Codes, or SMS-based 2FA models are the weakest 2FA options because they're in-band, and as you've described, can be phished just as credentials can.

They're convenient because they can be used by nearly anyone, and they're certainly better than nothing, but the security they provide should never be confused with the security provided by out-of-band 2FA.


This is one of the situations where an (in-browser) password manager will help you.

Because a password manager stores passwords by their real URL, it won't autofill on the attacker's page, or even give suggestions. In addition to not leaking the 2-step password token, it also protects the password from being leaked.

This protection works even better if the user does not know his own password, and can only interact through the password manager for filling in the password.

Tags:

Multi Factor