Android Malware Defeats Two-Factor Authentication

Discussion in 'HardForum Tech News' started by HardOCP News, Jan 19, 2016.

  1. HardOCP News

    HardOCP News [H] News

    Messages:
    0
    Joined:
    Dec 31, 1969
    Uh oh, all you Android users out there need to read this.

    Once installed on a device, Android.Bankosy creates a back door that opens communication with a command and control server. Once the command and control server has user identification information – the first factor in two-factor authorization – it can set up unconditional call forwarding. Then it can initiate a financial transaction and the call with the one-time password goes straight to the third party.
     
  2. heatlesssun

    heatlesssun [H]ard as it Gets

    Messages:
    44,157
    Joined:
    Nov 5, 2005
    Yeah, that's why two form factor authentication should never have both pieces done on the same device.
     
  3. mi7chy

    mi7chy 2[H]4U

    Messages:
    3,985
    Joined:
    May 22, 2013
    Any device that does call forwarding is susceptible. You can limit your exposure to MITM by using encrypted communication for multifactor. I use Hangouts for both calls and SMS so they're both protected by encryption.
     
  4. TwistedAegis

    TwistedAegis [H]ardForum Junkie

    Messages:
    8,958
    Joined:
    Oct 7, 2009
    These have been popping up for years now. Doesn't appear that it sends back the OTP, so an institution should still be able to recognize that the OTP is being sent back by the same device it was sent to.

    But if it's simply an OTP entered into a web form separately, hard to contend with outside of very good behavioral recognition as to the session behavior of the client.
     
  5. viscountalpha

    viscountalpha 2[H]4U

    Messages:
    2,545
    Joined:
    Oct 16, 2011
    Looks like it's time for a cellphone av.
     
  6. MRAB54

    MRAB54 Gawd

    Messages:
    834
    Joined:
    Sep 9, 2001
    Looks like it's time for a new cellphone operating system.
     
  7. UnrealCpu

    UnrealCpu 2[H]4U

    Messages:
    2,734
    Joined:
    Jun 20, 2003
    That's it, I am updating to a Hackintosh.
     
  8. Deathroned

    Deathroned Gawd

    Messages:
    555
    Joined:
    Mar 6, 2015
    All the Maldroid fanboys are hiding, I wonder why?
     
  9. t0ked

    t0ked n00b

    Messages:
    23
    Joined:
    Jul 24, 2006
    Yawn. How does one get this program? Sideload it? Download it from pirate app sites? After checking that box saying download from unknown sources? More dribble from the uninformed.
     
  10. MrTroy03

    MrTroy03 Limp Gawd

    Messages:
    422
    Joined:
    Feb 12, 2008
    Seems like it's only really a risk if you're an idiot that sideloads apps, it could be packaged in an untrustworthy app.
     
  11. amddragonpc

    amddragonpc [H]ard|Gawd

    Messages:
    1,996
    Joined:
    Sep 20, 2012
    If I don't know it's happening, I'm good, right? Not worried. :D
     
  12. Vermillion

    Vermillion [H]ardness Supreme

    Messages:
    4,112
    Joined:
    Apr 5, 2007
    Yay, more scare tactics by an AV company that wants to sell AV to stupid users!

    Don't want to worry about this? Don't pirate your apps or use shady app stores...oh wait shady app stores host pirated software.

    Boy the common denominator here is really hard to figure out.
     
  13. Ocellaris

    Ocellaris Ginger @le, an alcoholic's best friend.

    Messages:
    18,837
    Joined:
    Jan 1, 2008
    Yes like many Android security issues this would primarily affect people side loading shady apps and using foreign app stores filled with illegal apps.
     
  14. B00nie

    B00nie [H]ardness Supreme

    Messages:
    7,980
    Joined:
    Nov 1, 2012
    Looks like it's time to adopt a closed ecosystem like the *cough* more secure competition does.
     
  15. jj14

    jj14 [H]Lite

    Messages:
    105
    Joined:
    Jan 6, 2016
    Fine line between being open like Android is right now and being more closed to prevent these malwares
     
  16. notarat

    notarat [H]ard|Gawd

    Messages:
    1,739
    Joined:
    Mar 28, 2010
    So basically, you're talking about 1-2% of Android users at most, and that 1-2% of users are already involved in "shady" or "illegal" activities...I'm okay with them getting shafted. :)
     
  17. lcpiper

    lcpiper [H]ardForum Junkie

    Messages:
    10,563
    Joined:
    Jul 16, 2008
    That's why I have insisted that they are wrong in calling this Two-Factor Authentication. It's a false claim which is why it's being defeated this way.