Remote working technology faces 'critical' risk of hacking

People who sign into their computers to work from home using identity verification apps could be at risk of cyber attacks by foreign spies, America's cyber security agency has warned.

Employees who sign in through identity verification services such as Okta, Duo or Microsoft's Azure AD could be at risk because of a bug that originates in a firewall product used by many companies.

The bug, rated at the maximum severity score of ten by the team that found it, is thought to be at active risk of exploitation by advanced cyber attackers, including nation states.

Experts warned that such a bug could allow a hacker to access a company's sensitive records, steal credentials or even take over its internal systems.

US Cyber Command warned that Palo Alto Networks, a US firewall provider used by more than 70,000 companies around the world, had found a bug in its technology that put at risk the log-in apps designed to make workers more secure.

The vulnerability in the firewall affects businesses and governments that use Palo Alto Networks' security technology. However, individuals signing into remote desktops could also be affected.

The bug left computers vulnerable at companies that used Palo Alto Networks' software alongside these security apps on their smartphones. Under some conditions, this combination could let hackers bypass the systems' log-in checks. The company has now patched the bug and is advising customers to update their networks.

High-profile hacks

Sign-on apps have grown increasingly popular. These "multi-factor authentication apps" enable secure log-ins by sending an approval prompt to a linked smartphone. Access is only permitted once the owner of that specific device has granted approval.

“In the worst case, this is a critical severity vulnerability,” Palo Alto Networks said in an update. “Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.”

However, US Cyber Command warned that the bug was at risk of being exploited by foreign hackers. "Please patch all devices affected immediately," it said. "Foreign APTs [nation state hackers] will likely attempt exploit soon."

Marc Rogers, executive director of cyber security at US company Okta, which has more than 100m users, said in some cases users faced “the risk that an attacker may be able to bypass their perimeter and access sensitive resources... it is strongly recommended that affected devices be upgraded as soon as possible.”

Jake Moore, a security expert at Eset security, said: “This vulnerability is an authentication bypass allowing even non-technical threat actors to access devices without the need to provide valid credentials.

“These apps are used by many organisations around the world and this is yet another great reason why you need to keep your software up to date and review current device configurations.”

An Okta spokesman said: “Okta’s customers entrust us with a foundational component of their organization’s security, and maintaining that security and trust is our highest priority.

“We have worked with the Palo Alto Networks team to quickly provide instructions for potentially impacted joint customers to resolve the issue.” Duo did not immediately respond to a request for comment.