This is how your account can be hacked even with two-factor authentication and strong passwords
It is recommended to use a strong password and enable two-factor authentication (2FA) to keep your online accounts secure. These are important steps, and they should never be ignored.
But they are not the whole story. Even if you have a strong password for your account and have enabled two-factor authentication, your account can be hacked.
But how? Through ‘cookie theft’. It is much easier than you think. Let’s understand in detail.
What is cookie theft?
When you log in to a website, your browser saves something called cookies. These cookies contain your ‘session ID’. This is the thing that tells the website that you have already logged in.
Think of it as a ‘gate pass’. As long as you have the cookie, the website will not ask you for your password or 2FA again. It simply allows you to enter the website.
If someone steals such a cookie, that person can use your identity on the website just as you do. They do not need your password, nor do they need 2FA. Just your cookie is enough.
Some common methods used in cookie theft
1. Manual cookie theft using ‘Inspect Element’
This method is very simple. To defend against it, you need to understand where the cookie is stored and how it is taken. The process below shows this.
First of all, open any website where you are logged in to an account in the browser and open the developer tools. (For this, you can right-click the mouse and go to the Inspect option or press ‘F12’ or ‘Fn’ together with F12.)
Then go to the Application tab and open the Cookies option.
Now copy the session cookies of the logged-in account, such as ‘session_id’ or ‘auth_token’.
Then paste the session cookies into another browser. After doing this, your account will appear logged in in a browser where you never logged in.
Here is a demo of GitHub in the Chrome browser of Windows.
First of all, go to ‘https://github.com’ and sign in. Then press F12 to open ‘Developer Tools’. Then go to the Application tab and open the Cookies section, and click on ‘https://github.com’. Find the highlighted names (user_session and saved_user_session) and copy their values.
Image: Copying ‘user_session’ and ‘saved_user_session’ IDs from the browser
Now, paste these session IDs into the same fields on another device or in another browser on the same device and refresh. This way we can access the user’s account without logging in.
This example shows that someone with access to the device can manually steal the session.
2. Risky browser extensions
While some browser extensions may seem useful to you, they may be secretly stealing your cookies.
These extensions can silently collect all your session cookies and send them out.
The hacker then injects those collected cookies into their own browser.
They now have easy access to your account. They don't need your password or 2FA.
Therefore, you should only use extensions created by trusted developers. You can always check what permissions they are requesting. If they are asking for unnecessary access, you can remove them immediately.
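One way to carry out that permission check across every installed extension at once is shown below. This is an added example, not code from the original article: the function names and sample manifests are constructed for illustration, and it assumes you pass in a folder laid out as <extension id>/<version>/manifest.json, which is how a Chrome profile's Extensions folder is organised.

```python
import json
from pathlib import Path

# Host patterns that give an extension access to every site you visit.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def risk_reasons(manifest: dict) -> list[str]:
    """Explain why a parsed manifest.json deserves a closer look (empty = nothing flagged)."""
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    # Manifest V3 lists host patterns in "host_permissions"; V2 mixes them into "permissions".
    hosts = perms | set(manifest.get("host_permissions", []))
    broad = sorted(hosts & BROAD_HOSTS)
    reasons = []
    if "cookies" in perms:
        scope = "every site" if broad else "the hosts it lists"
        reasons.append(f"can read cookies for {scope}")
    if broad:
        reasons.append("host access to all sites: " + ", ".join(broad))
    return reasons

def audit_extensions(extensions_dir: Path) -> dict[str, list[str]]:
    """Scan <extensions_dir>/<extension id>/<version>/manifest.json and return flagged ids."""
    flagged = {}
    for path in sorted(extensions_dir.glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            flagged[path.parent.parent.name] = ["manifest could not be parsed"]
            continue
        reasons = risk_reasons(manifest)
        if reasons:
            flagged[path.parent.parent.name] = reasons
    return flagged

# Constructed sample manifests (not real extensions).
SAMPLE_NOTES = {"manifest_version": 3, "name": "Notes", "permissions": ["storage"]}
SAMPLE_GREEDY = {"manifest_version": 3, "name": "Free Themes",
                 "permissions": ["cookies", "storage"],
                 "host_permissions": ["<all_urls>"]}

if __name__ == "__main__":
    for sample in (SAMPLE_NOTES, SAMPLE_GREEDY):
        print(sample["name"], "->", risk_reasons(sample) or "nothing flagged")
```

A flagged extension is not necessarily malicious; the list tells you which ones to review first and remove if the access is not needed for what the extension does.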
3. Directly stealing cookie files
The major browsers we use store cookies in files within the system.
Firefox: C:\Users\<Your_Username>\AppData\Roaming\Mozilla\Firefox\Profiles\<Profile_Name>\cookies.sqlite
Chrome: C:\Users\<Your_Username>\AppData\Local\Google\Chrome\User Data\Default\Cookies
Cookie stealing process
First, the hacker gains access to your computer, either physically or by using malware.
The hacker copies the associated cookie files (such as cookies.sqlite or Cookies).
Then they can use your session from a browser on another computer.
The browser reads those cookies.
And the hacker can recreate your active session without a password or 2FA and get directly into your account.
4. Malware and scripted attacks
Hackers also use malware to steal cookies and passwords from browsers like Chrome, Firefox, and Edge. Some malware can bypass antivirus programs and silently send your data to the hacker.
This is why you should never install unauthorized, unknown, or unfamiliar software. This is especially dangerous when installing software from random websites or torrents.
Why can't 2FA prevent cookie theft?
2FA only works when someone tries to log in with your account username and password. However, if a hacker gets your session cookies, they don't have to log in at all. Once they have the session ID, the website will assume that they are you and treat them as logged in.