
Google Authenticator screenshot bug could be a potential security risk


Image: Google Authenticator (Source: Android Central)

What you need to know

  • A bug in the Google Authenticator app reportedly allows screenshots of OTPs to be easily captured.
  • Security researchers had recently suggested that the "Cerberus" Android malware can steal one-time codes generated by Google Authenticator.
  • Google has been notified of the vulnerability, although it is yet to be fixed.

Security researchers at Dutch mobile security firm ThreatFabric had claimed in a report last month that the latest version of Android banking trojan Cerberus is capable of stealing one-time passcodes (OTP) generated by the Google Authenticator and other similar apps. The folks at Nightwatch Cybersecurity have now uncovered another vulnerability that could be used by malicious apps to steal one-time passcodes from Google Authenticator.

The report published by Nightwatch Cybersecurity reveals that rogue apps on Android devices might be able to steal all generated OTP codes from the Google Authenticator app, because the app allows screenshots of one-time passcodes to be captured. It notes that several rogue apps make use of Android accessibility to pull screenshots from running apps. This could be prevented by using "FLAG_SECURE," but Google Authenticator sadly does not use the FLAG_SECURE setting.


Android apps and certain platform services can capture screens from other running apps with the help of the MediaProjection API. With the FLAG_SECURE flag, the content of an app window is treated as secure, preventing it from appearing in screenshots.

While a bug report detailing the vulnerability has been submitted to Google, it hasn't been fixed yet. The bug is still present in the latest version of the Authenticator app.
