Saturday April 09, 2016

Academics Claim Google Android Two-Factor Authentication Is Breakable

Researchers allege that 2FA on Android is not foolproof and accuse Google of not patching the vulnerability even though the company was made aware of it a year ago.

If attackers have control over the browser on the PC of a user using Google services (like Gmail, Google+, etc.), they can push any app with any permission on any of the user's Android devices, and activate it - allowing one to bypass 2-factor authentication via the phone. Moreover, the installation can be stealthy (without any icon appearing on the screen). For short, we refer to the vulnerability as the BAndroid (Browser-to-Android) vulnerability and to attacks that abuse it as BAndroid attacks.