Google Chrome's Two-Factor Authentication Security Broken by New Hacking Tool

New Warning for Windows Users: Google Chrome's Two-Factor Authentication Security Broken by New Hacking Tool

Google Chrome's Two-Factor Authentication Security Broken by New Hacking Tool


Cookie-stealing protection was introduced with Google Chrome 127 to help users guard against credential-stealing and two-factor authentication (2FA)-bypassing malware. However, this protection was recently compromised by a newly released hacking tool.

Google Chrome Application Bound Encryption

Cybercriminals often use malware to steal sensitive information like passwords and bank account details. One common method is stealing cookies, especially session cookies, as this allows attackers to bypass 2FA protections, effectively giving them access to accounts as if they were already logged in.

Google Chrome Security Team's Response

Google Chrome’s security team noticed this trend. In July, Will Harris, a member of the team, confirmed that cybercriminals using cookie theft malware still pose a significant risk to users' security. He explained that Chrome already provides several security measures like safe browsing, device-bound session credentials, and Google’s account-based threat detection.

With the release of Google Chrome 127 for Windows, an additional layer of protection was introduced. Chrome can now encrypt data tied to the app’s identity, restricting unauthorized applications running under the same user account from accessing sensitive data such as cookies. This encryption aims to protect cookies initially and could extend to secure passwords, payment data, and other authentication tokens in the future.

Google Chrome App-Bound Encryption Decryption Tool

Despite the enhanced protection, hackers have already found ways to bypass it. According to Bleeping Computer, several types of infostealer malware managed to break the new Google Chrome protections as early as September, allowing them to decrypt sensitive information from the browser.

A security researcher named Alex Hagenah, known online as xaitax, recently released a tool that decrypts Chrome’s app-bound encrypted cookies, along with the full source code for educational purposes. Named the "Chrome App-Bound Encryption Decryption" tool, it allows attackers to decrypt Chrome's encrypted keys by exploiting Chrome’s internal COM-based IElevator service.

Hagenah clarified, “The tool provides a way to retrieve and decrypt these keys, which Chrome protects via app-bound encryption to prevent unauthorized access to secure data like cookies (and potentially passwords and payment information in the future).”

Warning on Ethical Usage

Hagenah issued a caution, stating that the tool is for cybersecurity research and educational purposes only, emphasizing the importance of adhering to legal and ethical guidelines.

A Google Chrome spokesperson commented, "This tool requires admin privileges, which indicates that we have successfully elevated the level of access needed to carry out this type of attack."

Conclusion

Despite ongoing efforts by Google’s security team to safeguard users’ sensitive data, cybercriminals continue to find ways to circumvent advanced security measures. Users are advised to stay updated on the latest cybersecurity news and be cautious of tools that allow unauthorized parties to bypass critical security protections.


Next Post Previous Post
No Comment
Add Comment
comment url