Google Authenticator app no longer safe thanks to new malware

Two-Factor Authentication (2FA) was the industryā€™s answer to curbing illegitimate access for online accounts. This was especially the case to prevent bank accounts from being hacked and was eventually utilized by companies like Google, Facebook, Apple etc. Now a new security threat claims to be able to steal 2FA codes from the Google Authenticator.

According to Threatfabric, new Android malware is capable of stealing 2FA codes from Googleā€™s app. Typically apps like Googleā€™s 2FA or even Microsoftā€™s App for that matter are considered safer than the SMS method of receiving 2FA codes. This was because SMS isnā€™t transmitted over a secure protocol and can be intercepted. Then thereā€™s the additional threat of SIM cloning that has led to multiple counts of banking fraud in the past. Now, it would appear that Googleā€™s 2FA app has also been proven to be vulnerable.

According to Threatfabric, the malware is not yet being distributed or advertised on underground forums, suggesting that the hack may still be in testing stages. What we donā€™t know yet is whether the malware is exploiting something in the Android OS or a weakness in Googleā€™s 2FA app to gain access to the codes. The report only lists the vulnerability to impact Android, meaning iOS users are still secure. This could also mean that the vulnerability exploits a combined vulnerability in Android and the 2FA app. There is also no information on whether the malware would make other 2FA apps vulnerable, but in either case, it is something to be supremely worried about.



from Latest Technology News https://ift.tt/2VwQbOA

Comments

Popular Posts