Google first rolled out its 2FA Security Encryption to stop stealing users’ credentials. Sadly, a new Windows alert just confirmed that this was broken, thanks to a new hacking tool.
The feature was designed to prevent stealing session cookies which feature users’ personal and sensitive credentials. Hackers bypass the two-factor authentication checks in place, despite being logged into accounts. This means hackers can access not only passwords but bank details as they’re logged in as that user.
But Google was well aware of the growing threats and that’s why in July of this year it confirmed that it was adding more layers of security and protection that protect users’ browsing sessions on Chrome. However, it may have spoken too soon.
In September, reports spoke about broken protections by several information stealers. Not only could they hack into data, but they could also decrypt sensitive credentials through Google Chrome.
One security researcher says that due to the growing number of hackers and threat actors, it’s time to create a tool that does the same thing so defenders can learn from its workings. The Chrome App-Bound Encryption Decryption uses Chrome’s internal COM IElevator service. It retrieves and decrypts keys which otherwise Chrome prevents unauthorized access to make cookies safe.
But this tool did come with a warning that it’s solely intended for purposes like cybersecurity research and for educational reasons. All compliance must be ensured regarding relevant legal and ethical guidelines while using the tool.
One spokesperson for Google Chrome adds how the code needs privileges from the admin that shows they’ve elevated this access successfully to pull such attacks.
Image: DIW-Aigen
Read next: TikTok Founder Tops China’s Richest Person List As App Surges In Global Popularity
The feature was designed to prevent stealing session cookies which feature users’ personal and sensitive credentials. Hackers bypass the two-factor authentication checks in place, despite being logged into accounts. This means hackers can access not only passwords but bank details as they’re logged in as that user.
But Google was well aware of the growing threats and that’s why in July of this year it confirmed that it was adding more layers of security and protection that protect users’ browsing sessions on Chrome. However, it may have spoken too soon.
In September, reports spoke about broken protections by several information stealers. Not only could they hack into data, but they could also decrypt sensitive credentials through Google Chrome.
One security researcher says that due to the growing number of hackers and threat actors, it’s time to create a tool that does the same thing so defenders can learn from its workings. The Chrome App-Bound Encryption Decryption uses Chrome’s internal COM IElevator service. It retrieves and decrypts keys which otherwise Chrome prevents unauthorized access to make cookies safe.
But this tool did come with a warning that it’s solely intended for purposes like cybersecurity research and for educational reasons. All compliance must be ensured regarding relevant legal and ethical guidelines while using the tool.
One spokesperson for Google Chrome adds how the code needs privileges from the admin that shows they’ve elevated this access successfully to pull such attacks.
Read next: TikTok Founder Tops China’s Richest Person List As App Surges In Global Popularity
