Google Authenticator app no longer safe thanks to new malware
Two-Factor Authentication (2FA) was the industryās answer to curbing illegitimate access for online accounts. This was especially the case to prevent bank accounts from being hacked and was eventually utilized by companies like Google, Facebook, Apple etc. Now a new security threat claims to be able to steal 2FA codes from the Google Authenticator.
According to Threatfabric, new Android malware is capable of stealing 2FA codes from Googleās app. Typically apps like Googleās 2FA or even Microsoftās App for that matter are considered safer than the SMS method of receiving 2FA codes. This was because SMS isnāt transmitted over a secure protocol and can be intercepted. Then thereās the additional threat of SIM cloning that has led to multiple counts of banking fraud in the past. Now, it would appear that Googleās 2FA app has also been proven to be vulnerable.
According to Threatfabric, the malware is not yet being distributed or advertised on underground forums, suggesting that the hack may still be in testing stages. What we donāt know yet is whether the malware is exploiting something in the Android OS or a weakness in Googleās 2FA app to gain access to the codes. The report only lists the vulnerability to impact Android, meaning iOS users are still secure. This could also mean that the vulnerability exploits a combined vulnerability in Android and the 2FA app. There is also no information on whether the malware would make other 2FA apps vulnerable, but in either case, it is something to be supremely worried about.
from Latest Technology News https://ift.tt/2VwQbOA
Comments
Post a Comment