When usability met 2FA

Recordings

https://www.youtube.com/watch?v=gpMlqV6yMgc

Abstract

In this talk, we discuss how recent attempts to enhance security at KAIST, one of the authoritative research institutes in South Korea, led to an even more serious security risk. In particular, we present several design flaws we found in KAIST’s new 2FA system and demonstrate how an attacker could bypass the entire authentication process using the vulnerabilities. This incident highlights that a seemingly trivial design mistake made while emphasizing usability can jeopardize the whole system. We conclude this talk by sharing a lesson we learned.

Hyunsu Kim

Masters Student, Graduate School of Information Security, KAIST

Junoh Lee

SoftSec Lab in KAIST

Kihong Heo


Sang Kil Cha

Director at Cyber Security Research Center and Professor at Graduate School of Information Security, KAIST

Myeong Geun Shin

Software engineer at Furiosa AI