Yes, you would know, because the token exists to establish a password and an active connection. If someone MTM the 2nd part of a 2FA, you won't be able to log into your account.
MTM your internet connection means whatever the service is you have to replicate exactly, which is not feasible at any scale.
MTM is the point where your active connection ends. It uses the token to connect with the server (which it knows since it MTMs the SMS too), you communicate with it, seeing the copy of what MTM receives. You don't see anything strange. It's not that hard to implement.
Again, this is confusing the MTM attack we're (and most people are) talking about in general with the 2FA mechanism we're specifically talking about here.
They're two entirely different vectors. If you wanted to hijack a token as part of a 2FA, that serves the purposes of initializing an account. In this case, the second MTM (intercepting communications) will not work, because the user will be unable to log in (as you initialized their account and therefore had to set a password).
Further, in the traditional MTM attack, there's no need to steal that 2FA token in the first place - not only because it prevents an active, working account, but because you can already get the information you want through data interception.
> In this case, the second MTM (intercepting communications) will not work, because the user will be unable to log in (as you initialized their account and therefore had to set a password).
OK, once again: both SMS and internet are MTMed. Now why can't the machine doing the internet MTM use the user's password? Why do you think it has to do that before the user inputs it?
What you're describing is so inordinately complicated that it really could only be used for specific targeting. Meanwhile it's so redundant it would be a waste of everyone's time.
In this case, we're talking about a MTM on SMS and Internet. When a token is sent via SMS, we intercept that and use it to initialize an account (this is totally superfluous since we already have the MTM on the Internet, but for the sake of this argument, let's go with it).
Now when a user logs in, we know our generated password, so we need to eschew user input and supplant it with the password we generated by intercepting the 2FA, then return the response as expected.
You can sort of understand what I'm saying here. If you have MTM on the network side, you don't need to bother on the SMS side, it provides no advantage. Meanwhile, if you have MTM solely on the SMS side, there's no way to do this without alerting a user, because they will be unable to log in anyway.
"The man-in-the-middle attack (often abbreviated MITM, MitM, MIM, MiM, MITMA) in cryptography and computer security is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all messages going between the two victims and inject new ones, which is straightforward in many circumstances."
At the moment we write this on the first page of HN there is an article about the MTM currently used by Chinese:
Where they don't even bother to remain undetected. I didn't think it would be much more complicated for the government which already does MTM to do the real-time query through the victim's SMS. The queries of the SMS would happen very rarely and need much less resources compared to the internet traffic.
Reading the conversation before I joined the discussion, I also believed that worklogin was worried about the MTM as he wrote, many messages before: "With SMS-based 2FA, the token is sent via insecure channels to the user BEFORE auth, which is an opportunity for state actors and telecom to intercept it before use." I believed he wouldn't need to discuss when the token is sent otherwise and that his "intercept" was in the MTM-implied meaning "to take, seize, or halt (someone or something on the way from one place to another); cut off from an intended destination: to intercept a messenger."
So, per your discussion, the existence of 2FA is irrelevant as soon as the internet is MTM-ed, that is, as soon as somebody plugs in your TLS session? I honestly have never considered how irrelevant it is then. Thanks. I still have some other view of the 2FA ultimate goals.
Like, there is this: https://news.ycombinator.com/item?id=8487115 on the first page now where Google exactly tries to avoid the SMS channel. I can imagine that you'd consider that more than 2FA which you discuss, it's also OK.
Just to summarize, I entered because the concern was about cleartext passwords being sent via SMS. This is almost never the case, typically it's a token.
As a mitigation tactic for full MTM, 2FA is basically without teeth. Same applies for the new item Google is trumpeting.
I'm not saying someone couldn't do a MTM with both SMS and full network, I'm saying it's overkill and redundant. There's no advantage. If you're already funneling the data, you have what you want.
> As a mitigation tactic for full MTM, 2FA is basically without teeth.
What I believe is that a mechanism can definitely be made where without having the second authentication item of the 2FA the MTM on the internet channel would be automatically deactivated (or the user would recognize the existence of the MTM since it would reject the connection). Namely, the MTMI (internet) point from my scenario wouldn't be able to keep the connection to the server active since it doesn't have the key which is needed to even have the (encrypted) communication: the key given from the entity with the server to the user, but not using the internet, and therefore impossible to be used by the MTM interceptor. I believe such a mechanism can be made as soon as we assume the existence of such a key. That some simpler forms are currently still more popular doesn't mean we should dismiss the properly implemented mechanism as "without teeth." Maybe you'd say that such a mechanism isn't 2FA at all. How would you call it?
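The mechanism sketched in that comment, an out-of-band key that an interceptor never receives, is essentially channel binding. The following is an added example, not code from anyone in this thread: the user proves possession of an out-of-band key over the specific encrypted channel they are actually on, so a relay that terminates the connection with its own key cannot produce a valid proof for the server's channel. The key value, the channel identifier (a hash of the handshake key standing in for something like tls-unique) and the username are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed: a key delivered to the user by a non-internet channel and
# known only to the user and the server.
OOB_KEY = b"constructed-out-of-band-key"

def channel_id(handshake_pub: bytes) -> bytes:
    """Identifier of the encrypted channel as seen by one endpoint.
    Stands in for a TLS channel-binding value (e.g. tls-unique); here it is
    just a hash of the handshake key the endpoint observed."""
    return hashlib.sha256(handshake_pub).digest()

def client_prove(oob_key: bytes, seen_pub: bytes, username: bytes):
    """Client binds its proof to the channel it actually negotiated."""
    tag = hmac.new(oob_key, channel_id(seen_pub) + username, hashlib.sha256).digest()
    return username, tag

def server_verify(oob_key: bytes, own_pub: bytes, username: bytes, tag: bytes) -> bool:
    """Server recomputes the proof over its own channel; mismatch => reject."""
    expected = hmac.new(oob_key, channel_id(own_pub) + username, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)

def direct_login() -> bool:
    """User talks to the server directly: one channel, proof verifies."""
    server_pub = os.urandom(32)  # constructed handshake key
    user, tag = client_prove(OOB_KEY, server_pub, b"alice")
    return server_verify(OOB_KEY, server_pub, user, tag)

def relayed_login() -> bool:
    """An interceptor terminates the user's connection with its own key and
    opens a second connection to the server. It can forward the tag, but the
    tag is bound to the interceptor's channel, and without OOB_KEY it cannot
    compute one for the server's channel, so the server rejects the session."""
    server_pub = os.urandom(32)       # server <-> interceptor channel
    interceptor_pub = os.urandom(32)  # interceptor <-> user channel
    user, tag = client_prove(OOB_KEY, interceptor_pub, b"alice")
    return server_verify(OOB_KEY, server_pub, user, tag)
```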