
SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
GordonMathias
Beginner

Chinese hacker group caught bypassing 2FA


Hello,

I've been going through the recent news articles that are making their rounds on the internet regarding bypass of 2FA using the RSA SecurID tokens. Articles below:

https://resources.fox-it.com/rs/170-CAK-271/images/201912_Report_Operation_Wocao.pdf 

 

Chinese hacker group caught bypassing 2FA | ZDNet 

 

Questions:

 

1. Has RSA addressed these articles yet?

2. The report doesn't clearly state this, but the thesis seems to imply that the SDTID file-based import is what is being exploited. I wanted to understand if the CT-KIP-based distribution would also have the same impact?

 

Thank You,

Gordon

1 Solution

Accepted Solutions
_EricaChalfin
Employee (Retired)
2 Replies
David
Frequent Contributor

Hi Gordon,

 

Just took a read of both articles, and, from my understanding, the issue described resides in the fact that the attacker edited the Software Token source code to be able to import the SecurID Token Seed without getting the error message "Device intended for this token was not found...".

 

What does that mean?
    The attacker already had the SecurID Token Seed file in its possession
What about CT-KIP Software Token delivery?
    The CT-KIP distribution can be configured on the number of valid days before the Activation Code expires
    I think it would be great if RSA developers added an option for the number of times you can use that Activation Code, so we could set it to just "1"
    >> For the CT-KIP Software Token delivery, you should ONLY allow this to be done from within your corporate networks, so that could avoid bypassing this when trying to connect from outside your corporate networks

 

CT-KIP Activation Code expiration configuration:

[Screenshot: RSA Security Console - Software Tokens]

 

Let's see what other folks would say regarding your questions.


Kind Regards,

David

_EricaChalfin
Employee (Retired)

Gordon Mathias,

 

Please review Important Statement from RSA Regarding RSA SecurID Software Token Provisioning Best Practices for the response from RSA regarding this report.

 

Regards,

Erica