In a surprising turn of events, it seems that Blizzard Authenticator users are now being targeted to have their accounts hacked. Long thought to be the safest way to keep your account safe, Authenticators users are now the target of attacks. The best thing to keep your account safe, is use a great anti-virus program if you want to know my recommendations, read “System Protection, Use it or Lose It“. Should you be worried? Yes!
If you use anything but my recommendations, then you place your account at risk… but you still might be safe. However you should immediately scan your system for a file called “emcor.dll”. If you find it, delete it and then change your password immediately – don’t change your password before deleting it and emptying the recycle bin.
 Quote from: Kropacius (Source)After looking into this, it has been escalated, but it is a Man in the Middle attack.
http://en.wikipedia.org/wiki/Man-in-the-middle_attack This is still perpetrated by key loggers, and no method is always 100% secure. |
loading...
ROFL! This just made my day.. I have been telling people that the authenticators had already been reverse engineered.. No one believed me..
This does not mean they’ve been reverse engineered–it’s a keylogging exploit
They are keylog poeple, so they find out what key they used, and then just input the code into a program they created which tells them the password they used originally to create the key that the authenticator uses. From there they can input the proper codes as much as they want, when trying to log into the account they stole.
There is a talk of a authenticator that needs 3 codes to sync with a generic authenticator. It’s possible that someone took the iphone app and reverse engineered it, to make it work natively or possibly even emulated on something like linux or freebsd. Since this thing sends the wrong code to Blizzard, it’s possible that the people could be trying to grab 3 codes in order to apply it to a cracked authenticator.
They are key-log people, so they find out what key they used, and then just input the code into a program they created which tells them the password they used originally to create the key that the authenticator uses. From there they can input the proper codes as much as they want, when trying to log into the account they stole.
Just read some news where they have a Desktop Authenticator. It was being tested in December, might be live now, or still being beta tested. However the point is that a desktop authenticator would be easier to backwards engineer.
Get the code, enter the code to get on the account. Get the code again, to change the authenticator to your own desktop version. Only need 2-3 codes and can then disable the previous owner’s version and apply your own. Sounds like a workable hack to me.
Brilliant move by the account thieves, hopefully more people read this and read my System Protection post, to get better protected on their system.
Reverse engineering is irrelevant. The algorithm is actually public, but because it uses public key cryptography, you aren’t going to be breaking it. I have written an implementation for Windows at http://code.google.com/p/winauth/.
What is important is keeping the secret key stored in the authenticator safe. This isn’t a problem for the physical device. But for mobile devices, or the Windows one, your private key must be secured.
However all devices are still prone to a man-in-the-middle attack, but it is time-sensitive (you have a 30 second window).
At any rate, having an authenticator is still better than not.