• cron@feddit.org
    link
    fedilink
    English
    arrow-up
    7
    ·
    edit-2
    1 month ago

    Not really a MFA bypass, but rather some impressive social engineering:

    The attacker leverages AI-generated deepfakes to create a synthetic identity complete with a forged government document (e.g., passport) and a facial recognition bypass video.

    They use this identity to gain access to the account, if I understood it right.

    • Breve@pawb.social
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 month ago

      It’s to get around the KYC (Know Your Client) requirements that many financial institutions and cryptocurrency exchanges have when creating a new account to curb money laundering. Obviously criminals using crypto for dark markets need a way to convert it back to cash without giving up their real identity.

    • cron@feddit.org
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 month ago

      There are some legitimate attacks on MFA, like stealing cookies. But in most cases, MFA is solid and attackers target the humans behind it (phishing, scamming, social engineering).