In this talk, we discuss how recent attempts to enhance security at KAIST, one of the authoritative research institutes in South Korea, led to an even more serious security risk. In particular, we present several design flaws we found in KAIST's new 2FA system and demonstrate how an attacker could bypass the entire authentication process using these vulnerabilities. This incident highlights that a seemingly trivial design mistake, made while emphasizing usability, can jeopardize the whole system. We conclude this talk by sharing a lesson we learned.
Master's Student, Graduate School of Information Security, KAIST
SoftSec Lab in KAIST
Director at Cyber Security Research Center and Professor at Graduate School of Information Security, KAIST
Software engineer at Furiosa AI