“MFA Fatigue” attack targets iPhone owners with endless password reset prompts

iPhone showing three password reset prompts

They look like normal notifications, but opening an iPhone with one or more of these stacked up, you won’t be able to do much of anything until you tap “Allow” or “Don’t Allow.” And they’re right next to each other. (credit: Kevin Purdy)

detailed the attacks in a recent post, noting that “MFA Fatigue Attacks” are a known attack strategy. By repeatedly hitting a potential victim’s device with multifactor authentication requests, the attack fills a device’s screen with prompts that typically have yes/no options, often very close together. Apple’s devices are just the latest rich target for this technique.

Both the Kremlin-backed Fancy Bear advanced persistent threat group and a rag-tag bunch of teenagers known as Lapsus$ have been known to use the technique, also known as MFA prompt bombing, successfully.
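On the defender's side, the pattern described above shows up in authentication logs as a burst of prompts to one account, and the case that matters most is an approval arriving in the middle of that burst. The following is an added example, not part of the original article: the log format, account names, window and threshold are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events, not taken from any real identity provider.
# Assumed format: <UTC timestamp> <account> <outcome of the MFA prompt>
SAMPLE_LOG = """\
2024-03-27T02:14:05Z alice denied
2024-03-27T02:14:40Z alice timeout
2024-03-27T02:15:10Z alice denied
2024-03-27T02:15:55Z alice denied
2024-03-27T02:16:30Z alice denied
2024-03-27T02:17:02Z alice approved
2024-03-27T09:01:00Z bob approved
2024-03-27T13:30:00Z bob approved
2024-03-27T14:00:00Z carol denied
2024-03-27T14:01:00Z carol denied
2024-03-27T14:02:00Z carol denied
2024-03-27T14:03:00Z carol denied
2024-03-27T14:04:00Z carol denied
"""

WINDOW = timedelta(minutes=10)  # assumed look-back window
THRESHOLD = 5                   # assumed prompts per window that count as a burst

def detect_prompt_bombing(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return (account, kind, prompts_in_window, timestamp) alerts.

    Expects events in chronological order, as in an append-only log.
    """
    recent = defaultdict(deque)  # account -> prompt timestamps inside the window
    in_burst = set()             # accounts already alerted for the current burst
    alerts = []
    for line in log_text.strip().splitlines():
        stamp, user, result = line.split()
        ts = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:      # drop prompts older than the window
            q.popleft()
        if len(q) < threshold:
            in_burst.discard(user)     # burst is over; re-arm for the next one
            continue
        if result == "approved":       # approval mid-burst: likely fatigue or mis-tap
            alerts.append((user, "approved_during_burst", len(q), ts))
        elif user not in in_burst:     # first event that crosses the threshold
            alerts.append((user, "burst", len(q), ts))
        in_burst.add(user)
    return alerts

if __name__ == "__main__":
    for alert in detect_prompt_bombing(SAMPLE_LOG):
        print(*alert)
```

An `approved_during_burst` alert is the one to treat as a probable account compromise; a plain `burst` means the account is being targeted but has not yet given in.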
