Everyone knows that Android security is, frankly, so-so. Not that I regularly get infected myself, but I regularly have to read about the spread of yet another Trojan that has hit thousands of users. And to the question of how this happens, I have a quite reasonable answer: most users simply have no idea how to tell safe software from unsafe software by its outward signs. As a result, we have hundreds and thousands of infections. Only two-factor authentication saved the day. Well, at least it used to.
To begin with, let's figure out what two-factor authentication is, how it works, why it is needed, and why everyone relies on it so much when it comes to security.
Why You Need Two-Factor Authentication
In simple terms, two-factor authentication is an additional step when signing in to an account, tied to a device that is, in theory, always with its owner. That is, in addition to entering credentials, two-factor authentication involves entering a one-time code, which is sent either via SMS or as a push notification after the login-password pair has been entered correctly. After all, even if intruders manage to steal the credentials, they are unlikely to get hold of your smartphone to confirm the login. Unfortunately, on Android, two-factor authentication is no longer as secure.
Researchers at Check Point Research, who study security issues in information systems, have discovered a curious Android Trojan that nullifies the reliability of two-factor authentication. It works as a spy. Once on the victim's device, the Trojan carefully hides and begins to track sign-ins in mail applications, social networks, and instant messengers. These sign-ins are the trigger for its activation. As soon as the user launches the mail app or navigates to the mail service address in the browser, the Trojan goes to work.
Is it Possible to Steal a Two-Factor Authentication Code?
It creates a backdoor on the device and, as soon as the victim enters a login and password, the Trojan copies them and sends them to its creators. Then it waits for an SMS with a two-factor authentication code to arrive, copies it, and forwards it as well. As a result, the attackers who created the Trojan receive both the login with the password and the two-factor authentication code needed to confirm the sign-in. But, worst of all, even if the victim senses something and decides to terminate all sessions, the scammers will be able to sign in again by having a new SMS with a verification code sent.
Why do I talk so confidently about Android if, in fact, the same thing could happen with any other OS? The fact is that, fortunately or unfortunately, this could not happen with any other OS. There are no smartphones on Windows or macOS. Linux smartphones, which are used by one and a half people, can be counted on the fingers of one hand. And on iOS, this is basically impossible to imagine. No, well, just think: how could a Trojan get onto an iPhone? Clearly, it couldn't. The App Store will definitely not let it through, and the user will not be able to download software from outside the official store, even with a strong desire to do so.
Can Android users be protected from this? Undoubtedly, yes. No matter how bad Google Play is, it's better to download software from there and avoid alternative sources, especially those you are hearing about for the first time. The fact is that Google's reviewers (yes, there are such reviewers) are unlikely to allow such dangerous software to be published in the official catalog. And in third-party sources, as a rule, there is simply no one to check the software. As a result, all kinds of junk spreads precisely through them. Therefore, just be smarter and more circumspect, and no Trojans will threaten you.
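To turn this advice into a check, here is an added example (not from the original article or from Check Point) that flags apps which did not come from Google Play and can also read incoming SMS, the capability the Trojan described above needs to capture one-time codes. It assumes package listings in the format printed by `adb shell pm list packages -i` and a per-package permission list collected separately (for example from `dumpsys package`); the package names and sample data are constructed.

```python
import re

# Installer package names treated as trusted stores (assumption: Google Play only).
TRUSTED_INSTALLERS = {"com.android.vending"}
# Permissions that let an app read incoming SMS, including one-time codes.
SMS_PERMISSIONS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}

LINE_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")

def parse_installers(pm_output):
    """Map package name -> installer from `pm list packages -i` style output."""
    installers = {}
    for line in pm_output.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            pkg, inst = m.groups()
            installers[pkg] = None if inst == "null" else inst
    return installers

def flag_risky(pm_output, permissions):
    """Return (package, installer, sms_perms) for non-store apps that can read SMS."""
    findings = []
    for pkg, inst in parse_installers(pm_output).items():
        sms = sorted(SMS_PERMISSIONS & set(permissions.get(pkg, ())))
        if sms and inst not in TRUSTED_INSTALLERS:
            findings.append((pkg, inst, sms))
    return sorted(findings, key=lambda f: f[0])

# Constructed sample data; all package names are hypothetical.
SAMPLE_PM_OUTPUT = """\
package:com.example.mail  installer=com.android.vending
package:com.example.flashlight  installer=null
package:com.example.game  installer=com.example.thirdpartystore
package:com.example.smsbackup  installer=com.android.vending
"""
SAMPLE_PERMISSIONS = {
    "com.example.mail": ["android.permission.INTERNET"],
    "com.example.flashlight": ["android.permission.RECEIVE_SMS",
                               "android.permission.INTERNET"],
    "com.example.game": ["android.permission.INTERNET"],
    "com.example.smsbackup": ["android.permission.READ_SMS"],
}

if __name__ == "__main__":
    for pkg, inst, sms in flag_risky(SAMPLE_PM_OUTPUT, SAMPLE_PERMISSIONS):
        print(f"{pkg}: installer={inst or 'unknown'} can read SMS via {', '.join(sms)}")
```

Preinstalled system apps can also report `installer=null`, so on a real device the findings are a list to review rather than a verdict.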