Security researchers have found that even the Google Authenticator app isn't reliable for secure logins. ThreatFabric researchers found malware that's capable of stealing 2FA codes from the Google Authenticator app, startling the MFA community. This was later confirmed by Nightwatch researchers, as Google didn't set an option that would prevent screenshots of the app from being taken.

Alas, not even 2FA codes are secure now

Google Authenticator App Has 2FA Stealing Code Flaw

New research by ThreatFabric reveals a new Android malware called Cerberus, which can steal 2FA codes from the Google Authenticator app! This wasn't down to the cleverness of Cerberus though, but to mere stupidity on Google's part, we can say.

Google has long failed to put a simple piece of code in one of its highly sensitive apps. Google Authenticator just lets any third-party app capture a screenshot, letting the content be copied and stolen by anyone. Cerberus was just one such app, found to be a hybrid of banking malware and a general Remote Access Trojan (RAT).

Once the phone has been infected somehow, attackers can navigate to the Google Authenticator app and use Cerberus to manually trigger a screenshot, thus copying the passcode content on screen. This lets them gain access to any sensitive services the victim uses. Though this malware is still under development, it has the potential to victimize many in a short span of time.

Google's mistake!

Deep analysis of this incident by Nightwatch revealed that Google's Authenticator app is missing a key feature, which is what lets this happen. Screenshot capture by third-party apps could have been stopped if Google had set the FLAG_SECURE option in the app's configuration. But it didn't!
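
How an Android app opts its windows out of screenshots with FLAG_SECURE, shown as an added example that is not code from Google Authenticator or from the researchers. The names OtpApplication, SecureWindowCallbacks and secure() are hypothetical, and the sketch assumes the Application class is registered through android:name in the manifest.

```kotlin
import android.app.Activity
import android.app.Application
import android.app.Dialog
import android.os.Bundle
import android.view.WindowManager

// Hypothetical Application subclass for an OTP app. It must be declared in
// AndroidManifest.xml via android:name on the <application> element.
class OtpApplication : Application() {
    override fun onCreate() {
        super.onCreate()
        // Apply the flag to every activity, so a newly added screen
        // cannot be shipped without it by mistake.
        registerActivityLifecycleCallbacks(SecureWindowCallbacks)
    }
}

object SecureWindowCallbacks : Application.ActivityLifecycleCallbacks {
    override fun onActivityCreated(activity: Activity, savedInstanceState: Bundle?) {
        // Dispatched from Activity.onCreate(), so the flag is in place
        // before the activity's content is first drawn.
        activity.window.setFlags(
            WindowManager.LayoutParams.FLAG_SECURE,
            WindowManager.LayoutParams.FLAG_SECURE
        )
    }

    // The remaining callbacks are not needed for this purpose.
    override fun onActivityStarted(activity: Activity) {}
    override fun onActivityResumed(activity: Activity) {}
    override fun onActivityPaused(activity: Activity) {}
    override fun onActivityStopped(activity: Activity) {}
    override fun onActivitySaveInstanceState(activity: Activity, outState: Bundle) {}
    override fun onActivityDestroyed(activity: Activity) {}
}

// Dialogs are drawn in their own window and do not inherit the flag from
// the activity, so each one that shows a code has to be marked as well.
fun Dialog.secure() {
    window?.setFlags(
        WindowManager.LayoutParams.FLAG_SECURE,
        WindowManager.LayoutParams.FLAG_SECURE
    )
}
```

With the flag set, the window's content is treated as secure: it is left out of screenshots and screen recordings and is not shown on non-secure displays.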

This flaw was first surfaced by a user on GitHub, and later pointed out by researchers too. Yet there has been no response from Google about fixing it! After finding this vulnerability, a few researchers even suggested moving from Google Authenticator to other 2FA apps!

Via: ZDNet
