Read the blog post: www.gosecure.net/blog/2022/02...
This technique is simple: it only requires the attacker to send repeated push notifications, manually or automatically, while trying to log into the victim’s account. The credentials used could be obtained via brute-forcing, password reuse or password spraying. Once the attacker has valid credentials, they repeatedly trigger push notifications until the user approves a login attempt, which gives the attacker access to the account. This usually happens because the user is distracted or overwhelmed by the notifications; in some cases the prompts are mistaken for a bug or confused with other legitimate authentication requests.
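A defender-side detection for the pattern described above, as an added example that is not part of the original description or the linked blog post: it flags a burst of denied or timed-out pushes for one user and raises the severity when an approval follows the burst. The log layout, result names, thresholds and the function name `detect_push_fatigue` are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample MFA push log: (ISO timestamp, user, result).
# The field layout and result names are assumptions, not a vendor's schema.
SAMPLE_EVENTS = [
    ("2022-02-01T09:00:05", "alice", "approved"),   # normal single login
    ("2022-02-01T02:10:00", "bob", "denied"),
    ("2022-02-01T02:10:40", "bob", "timeout"),
    ("2022-02-01T02:11:15", "bob", "denied"),
    ("2022-02-01T02:12:02", "bob", "timeout"),
    ("2022-02-01T02:12:50", "bob", "approved"),     # user gives in
    ("2022-02-01T14:00:00", "carol", "denied"),
    ("2022-02-01T14:00:30", "carol", "denied"),
    ("2022-02-01T14:01:00", "carol", "timeout"),
    ("2022-02-01T14:01:30", "carol", "denied"),     # burst, never approved
    ("2022-02-01T08:00:00", "dave", "timeout"),
    ("2022-02-01T12:00:00", "dave", "approved"),    # far apart, not a burst
]

def detect_push_fatigue(events, window=timedelta(minutes=10), min_rejected=3):
    """Return alerts for users with >= min_rejected denied/timed-out pushes
    inside `window`; an approval right after such a burst is marked critical."""
    recent = defaultdict(deque)   # user -> timestamps of recent rejected pushes
    alerts = {}                   # user -> highest-severity alert seen
    for ts, user, result in sorted(events):
        now = datetime.fromisoformat(ts)
        q = recent[user]
        while q and now - q[0] > window:
            q.popleft()           # drop rejections older than the window
        if result in ("denied", "timeout"):
            q.append(now)
            if len(q) >= min_rejected and user not in alerts:
                alerts[user] = {"user": user, "severity": "warning",
                                "rejected": len(q), "approved_at": None}
            elif user in alerts and alerts[user]["severity"] == "warning":
                alerts[user]["rejected"] = max(alerts[user]["rejected"], len(q))
        elif result == "approved":
            if len(q) >= min_rejected:
                alerts[user] = {"user": user, "severity": "critical",
                                "rejected": len(q), "approved_at": ts}
            q.clear()             # a successful login resets the burst
    return sorted(alerts.values(), key=lambda a: a["user"])

if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```

A critical alert (approval after a burst) is the case to treat as a likely account takeover; a warning means the user is being prompted repeatedly and the password is probably already compromised.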
MFA Attacks: Push Notification Fatigue Demonstration