Hackers find simple method to bypass two-stage verification

Hackers have found a new way to bypass two-stage verification. The hackers have succeeded in automating this process and can thus relatively easily break into accounts of Google and Yahoo, among others. Secure e-mail accounts do not seem as secure as expected.

At least that’s what Amnesty International says in a research report. In it it writes about a lot of different methods of hackers to use to break into user accounts. There would be a number of campaigns in which the hackers would use the techniques and they would focus on human rights organisations.

Phishing and fake sites

According to Amnesty International, hackers focused on hundreds of Google and Yahoo accounts in the first of these campaigns. In doing so, they would have succeeded in successfully circumventing two-stage verification. The attackers created a fake Gmail page, where people who were lured there had to fill in their account details. They were then notified that a verification code had been sent to their smartphone. Amnesty’s test device actually received a text message with a verification code. By entering that code on the fake site, the hackers will have access to the entire account.

This process of circumventing the two-stage verification is not very complicated. It mainly shows how big the impact of phishing is and how big the risk is that people who are not paying attention for a while. Amnesty states in its report that users who are vulnerable to this type of campaign should consider switching to more advanced security techniques.

The examples of Amnesty are all about security codes that are sent by text message. At the same time, it thinks that the same techniques can work for authentication apps like Google. People can also arm themselves against this, for example by switching to physical devices that confirm your identity. Google has already launched it, as well as a number of third parties.