Hackers | Message Mirroring Apps

30 Aug

Can Hackers use Message Mirroring Apps to Bypass Security?

Forty years ago, the world was a safer, and slower place. The internet was still in its infancy, and the need for online security would have featured low on a business’s to-do list. Fast forward to 2021, where online security, data storage and protection are now a priority and message mirroring apps another security concern altogether.

passwords vs 2FA

Most businesses make use of passwords as a means of protection but in this digitised environment a single password security system is all too easy to bypass.

Almost 80% of hacking-related breaches are attributed to weak and compromised credentials. Thus, the need for two-factor authentication (2FA) which provides an extra layer of security, which works in conjunction with your username and password.

However, as with everything internet related would-be hackers aren’t thwarted for long. Any hacker worth his weight in technical exploitation can develop ways of bypassing 2FA via the single access codes sent by SMS to a smartphone.

attack of the androids’

Hackers can also bypass SMS-based 2FA remotely by gaining access to the users email and password combination connected to a Google account. They then install a readily available message mirroring app onto the phone via Google Play.

This form of attack is made easy as people tend to be creatures of habit, using the same login details and passwords for many of their online services. Unfortunately, this type of online behaviour increases the risk of being hacked.

Once the message mirroring app is installed, the attacker reverts to good old-fashioned trickery and, posing as the service provider, influences the victim to grant the relevant app permissions. The hacker now has full access to their communications and SMS one-time passcodes used for 2FA.

Although there are several conditions to be fulfilled if this kind of attack is to work, it demonstrates that SMS -based 2FA methods do have their weaknesses. This form of attack doesn’t require much more than an above average knowledge of how apps work coupled with a bit of social engineering.

Imagine how real the threat if a trusted person with access to your smartphone orchestrated this type of attack.

how can you protect yourself from message mirroring apps?

  • Utilise a Password Manager – This makes your username /password more secure
  • Limit the use of SMS as a 2FA method – Use app-based one-time codes generated in apps such as Google Authenticator
  • Use dedicated hardware devices such as YubiKey– USB devices that enable 2FA across different services

Aside from using password managers and implementing alternative authentication methods, make sure that your data is backed up and stored securely in the cloud.

Comments are closed.