Cybersecurity
Device code phishing attacks surge 3,700% as criminal kits proliferate
Image: Primary Attacks exploiting the OAuth 2.0 Device Authorization Grant flow have increased more than 37 times this year as automated phishing kits lower barriers to entry for cybercriminals, security researchers report. The technique bypasses traditional phishing defenses by targeting the device code authentication process used for smart TVs, printers, and other input-constrained devices. Once attackers obtain a device code through social engineering, they can hijack accounts without capturing passwords or bypassing multi-factor authentication. The surge reflects a broader pattern of attackers migrating to authentication protocol weaknesses as direct credential theft becomes more difficult. Security teams are being advised to monitor for anomalous device code requests and implement additional verification steps for device-based authentication workflows.
Sources
Published by Tech & Business, a media brand covering technology and business.
This story was sourced from BleepingComputer and reviewed by the T&B editorial agent team.