
Google 2FA authentication could be less secure than thought

(Image credit: Shutterstock / ImYanis)

Researchers have discovered a new kind of malware which is able to steal the security codes generated by Google's two-factor authentication (2FA) protection system.

The malware, dubbed Cerberus, is able to access the smartphone's display and exploit the ability to capture screenshots of OTPs generated by the Google Authenticator app.

The malware could also exploit other similar services, such as Microsoft Authenticator.

Vulnerability

The malware was discovered by security firm ThreatFabric, which reported it could let hackers manually access a victim's device with the help of its remote access trojan feature.

This would then let them open the Google Authenticator app and generate passwords for the secured apps, providing easy access to a victim's account.

In addition, researchers at NightWatch CyberSecurity have suggested that most Android apps use the “FLAG_SECURE” setting to prevent their content from being captured via screenshots.

However, both Google and Microsoft were found to not be using this setting in their Authenticator apps for Android, meaning anyone could take a screenshot of the OTP codes generated by the app and access them without the user's knowledge.
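For reference, this is how an Android app opts in to the FLAG_SECURE setting discussed above. It is an added example, not code from Google, Microsoft or either research team; the `OtpActivity` class, its `secure` helper and the placeholder code string are hypothetical.

```java
import android.app.Activity;
import android.app.AlertDialog;
import android.os.Bundle;
import android.view.Window;
import android.view.WindowManager;
import android.widget.TextView;

// Hypothetical activity that displays a one-time code.
public class OtpActivity extends Activity {

    // Mark a window as secure: the platform then keeps its content out of
    // screenshots and off non-secure displays.
    private static void secure(Window window) {
        window.addFlags(WindowManager.LayoutParams.FLAG_SECURE);
    }

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        // Set the flag before any content is attached to the window.
        secure(getWindow());

        TextView code = new TextView(this);
        code.setText("000 000"); // constructed placeholder, not a real OTP
        setContentView(code);
        code.setOnClickListener(v -> showCodeDialog());
    }

    // A dialog is drawn in its own Window, so the flag is set on it separately.
    private void showCodeDialog() {
        AlertDialog dialog = new AlertDialog.Builder(this)
                .setMessage("000 000") // constructed placeholder
                .create();
        secure(dialog.getWindow());
        dialog.show();
    }
}
```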

The report also suggests that while Google may have patched Authenticator back in 2014, the same bug was noticed again in 2017 and apparently remains unpatched now.

However, the researchers add that since the malware seems to still be under development, they are yet to encounter it being used in the real world.

Via: ZDNet