Blog

New Android Malware Can Get Past Two-Factor Authentication

Mar 11, 2020 | Blog

Since 2010, Google has been doing its part to help keep its massive user base safe. They introduced a small but critical service called Google Authenticator, which is used by a number of online accounts as a two-factor authentication layer.

Google launched the service as an alternative to SMS-based one-time pass codes.

While SMS-based codes are better than nothing, they are the lowest common denominator in the world of 2FA, and are problematic for a number of different reasons. The main advantage Authenticator has over its SMS counterpart is that Authenticator’s randomly generated codes are contained within the user’s device itself, and never travel through insecure mobile networks.

Although Authenticator generated codes are widely regarded as being superior to SMS-based codes in terms of overall security, they’re certainly not invulnerable, as hackers have recently proved. Researchers from ThreatFabric recently announced that they’ve spotted a new strain of the Cerberus Trojan in the wild that is capable of stealing 2FA codes generated via the Authenticator application.

If there’s a silver lining in the research team’s findings, it is the fact that the strains they’ve uncovered seem to be test versions of the Trojan That means the new capabilities aren’t yet widely available. Unfortunately, it’s just a matter of time before the new strain is out of testing and starts seeing widespread use.

All that to say, that this is a serious threat. Be sure your employees are aware of the risks and dangers. Too often, people get comfortable after enabling 2FA and develop a false sense of security thinking that they’re essentially invulnerable.

They aren’t. No one is. While this is the first piece of malware we’ve seen that can counter 2FA, it certainly won’t be the last. Stay vigilant. It’s going to be a tough year on the security front.

FBI Program Tasked with Infrastructure Security Compromised

FBI Program Tasked with Infrastructure Security Compromised

The FBI program tasked with ensuring critical infrastructure security has been compromised by hackers, who now offer access to the program's data on the dark web. The breach was initially disclosed by Brian Krebs of Krebs on Security, who claims that the data was for...

Streamline Your Business with the Latest Smart Home Technology

Streamline Your Business with the Latest Smart Home Technology

Are you a business owner looking to get the most out of your Google smart home devices? If so, you're in luck! Google has enabled its Nest products and Android OS with the initial rollout of the Matter smart home standard. This means that businesses now have the...

Data Breach at Sequoia One Exposes Sensitive Customer Information

Data Breach at Sequoia One Exposes Sensitive Customer Information

What do you do when your most personal information has been compromised? This is likely the question that customers of Sequoia One asked themselves earlier this month as they were informed that the company had been hacked. Sequoia One specializes in the management of...

Cisco Reports Critical IP Phone Vulnerability

Cisco Reports Critical IP Phone Vulnerability

As a business owner, it's important to stay informed about potential vulnerabilities that could impact your organization. Recently, Cisco reported a critical vulnerability, tracked as CVE-2022-20968, affecting its IP Phone 7800 and 8800 Series. This new vulnerability...

Google Chrome Releases Two New Features

Google Chrome Releases Two New Features

Google Chrome is one of the more commonly used web browsers. Over the years, though, Chrome has gained a reputation for utilizing a large portion of a computer's memory. This can be a problem if you're running other resource-intensive tasks and don't want to slow...

Get a Free Consultation

 

Fill out the form below to receive a free consultation and learn how we can make your technology worry-free!

 

Contact Information

  • 39301 Badger Street, Suite 500
    Palm Desert, CA 9221
  • (760) 333-8523
  • info@icn.tech