August 2, 2021 We Serve Information in a Simple Way

What’s Wrong with Two-Factor Authentication (2FA) on Android

Everyone knows that Android security is frankly so-so. Not that I regularly experience infections, but I have to read about the spread of yet another Trojan that has killed thousands of users on a regular basis. And to the question, how does it happen, I have a quite reasonable answer. It’s just that most users have no idea how to distinguish safe software from unsafe software based on external features. As a result, we have hundreds and thousands of infections. Only two-factor authentication saves. Well, at least it did.

To begin with, I propose to figure out what two-factor authentication is, how it works, why it is needed, and why everyone relies on it so much when it comes to security.

 

Why You Need Two-Factor Authentication

In simple terms, two-factor authentication is an additional step in authorizing accounts, which is tied to a device that is theoretically permanently with its owner. That is, in addition to entering credentials, two-factor authentication involves entering a one-time code, which is sent either via SMS or in the form of a push notification after correctly entering the login-password pair. After all, if intruders can steal them, in principle, they are unlikely to get your smartphone to confirm the entry. Unfortunately, on Android, two-factor authentication is no longer as secure.

Researchers at Check Point Research, studying security issues in information systems, have discovered a curious Android Trojan that nullifies the reliability of two-factor authentication. He works as a spy. Penetrating into the device of its victim, the Trojan carefully hides and begins to track the facts of authorization in mail applications, social networks, and instant messengers. They become the trigger for its activation. As soon as the user launches the mail app or navigates to the mail service address in the browser, the Trojan starts committing.

 

Is it Possible to Steal a Two-Factor Authentication Code?

It creates a backdoor on the device and, as soon as the victim enters a pair of login and password, the Trojan copies them and sends them to their creators. Then it waits for an SMS with a two-factor authentication code to arrive and copies and forwards it. As a result, the attackers who created the Trojan receive both a login with a password and a two-factor authentication code to confirm authorization. But, worst of all, even if the victim senses something and wants to block all sessions, the scammers will be able to authorize again by sending an SMS with a verification code.

Why am I so confident in talking about Android, if, in fact, the same thing could happen with any other OS? But the fact is that with any other OS, this could not happen, unfortunately, or fortunately. There are no smartphones on Windows or macOS. Linux smartphones, which are used by at least one and a half people, can be counted on the fingers of one hand. And on iOS, this is basically impossible to imagine. No, well, just think: how could a Trojan get to the iPhone? It is clear that in any way. Indeed, the App Store will definitely not let it through, and the user will not be able to download the software from outside the official store, even with a strong desire.

Can Android users be protected from this? Undoubtedly, yes. No matter how bad Google Play is, it’s better to download software from there, avoiding alternative sources, especially those that you hear about for the first time. The fact is that Google censors – there are also such censors, however – are unlikely to allow such dangerous software to be published in the official catalog. And in third-party sources, as a rule, there is simply no one to check software. As a result, every trash is spreading precisely because of them. Therefore, just be smarter and more circumspect, and no Trojans threaten you.

Related Posts

Stop Gmail From Tracking Your Activities

The emails and mailings from marketing companies that spam many users’ inbox are not just product advertisements. Such emails are...

How Google Corrupts Android to Make the OS More Secure

Android, unlike iOS, never gave me the impression of user protection first. The openness of the file system, the ability...

How Can We Make 1000$ with Online Earning?

Online Earning how can I generate real money online? It’s a question that a lot of people who are internet...

SEO Abroad: How to Promote Your Website

To effectively sell goods and services not only in your region but also around the world, translating the site into...

How do I Feel about Leaks of New Smartphones?

This week there was an event that once again made us think about what is generally happening in the world...

Google has Figured Out How to Improve VPN Performance in Android 12

Despite the fact that Android security has always been frankly so, this is a consequence of the openness of the...

Paid Traffic as a Tool in B2B Marketing

Paid traffic, be it contextual advertising, targeted advertising, or YAN (Yandex advertising network), is an integral part of promoting the...

Some Cool Features May Be Coming Soon to Google Chrome for Android

New features in Google Chrome are always interesting and have a lot of practical benefits. This is the most popular...

Automatically Delete Everything Google Knows About You

Whoever cares more or less at some point about privacy, technology has shown us that we cannot be free on...

Where to Safely Store Passwords on Android

Just yesterday, I had a debate with an old friend of mine about online privacy. We discussed how to properly...

How to Get Back Old Google Search in Chrome Browser

Google search has gone through a lot of changes in recent years. The company has improved the search algorithms, increasing...

5 Annoying Situations You Can Avoid with a VPN

VPNs, virtual private networks, have long been used to provide online privacy. But what is it? The principle of operation...

Google Assistant is not Responding: How to fix it

If the Google Assistant is not responding on your Android phone, there are a number of solutions and checks to...

Ok Google Not Working? Here’s How to Fix it

Voice command “Ok Google” is one of the most convenient ways to call the Google Assistant, for which you don’t...

Finally! Qualcomm Shows How to Make Android Smartphones

Probably, everyone has such companies from which we would like to get a smartphone. It’s not clear where, but for...

Comments
Leave a Reply

Your email address will not be published. Required fields are marked *

error: Content is protected !!
%d bloggers like this: