Source: Android Central
What you need to know
- A bug in the Google Authenticator app reportedly allows screenshots of OTPs to be easily captured.
- Security researchers recently suggested that the "Cerberus" Android malware can steal one-time codes generated by Google Authenticator.
- Google has been notified of the vulnerability, but it has not yet been fixed.
Security researchers at Dutch mobile security firm ThreatFabric claimed in a report last month that the latest version of the Android banking trojan Cerberus is capable of stealing one-time passcodes (OTPs) generated by Google Authenticator and other similar apps. The folks at Nightwatch Cybersecurity have now uncovered another vulnerability that could be used by malicious apps to steal one-time passcodes from Google Authenticator.
The report published by Nightwatch Cybersecurity reveals that rogue apps on Android devices might be able to steal all generated OTP codes from the Google Authenticator app, as it allows screenshots of one-time passcodes to be captured. It notes that several rogue apps make use of Android accessibility to pull screenshots from running apps. This could be prevented by using "FLAG_SECURE," but Google Authenticator sadly does not set the FLAG_SECURE flag on its windows.
Android apps and certain platform services can capture screens from other running apps with the help of the MediaProjection API. With the FLAG_SECURE flag, the content of an app window is treated as secure, preventing it from appearing in screenshots.
While a bug report detailing the vulnerability has been submitted to Google, it hasn't been fixed yet. The bug is still present in the latest version of the Authenticator app.