Everyone knows that Android security is, frankly, so-so. Not that I get infected regularly myself, but I regularly have to read about the spread of yet another Trojan that has hit thousands of users. And when asked how this happens, I have a quite reasonable answer: most users simply have no idea how to tell safe software from unsafe software by its outward signs. As a result, we have hundreds and thousands of infections. Only two-factor authentication saves the day. Well, at least it did.
Two-factor authentication is not as secure on Android as on, say, iOS
To begin with, I propose to figure out what two-factor authentication is, how it works, why it is needed and why everyone relies on it so much when it comes to security.
Why you need two-factor authentication
Hacking two-factor authentication turned out to be easy
In simple terms, two-factor authentication is an additional step when logging in to an account, tied to a device that is, in theory, always with its owner. That is, in addition to entering credentials, two-factor authentication involves entering a one-time code, which is sent either via SMS or as a push notification after the login-password pair has been entered correctly. After all, even if attackers manage to steal your credentials, they are unlikely to get hold of your smartphone to confirm the login. Unfortunately, on Android, 2FA is no longer as secure.
Researchers at Check Point Research, who study security issues in information systems, have discovered an interesting Trojan for Android that nullifies the reliability of two-factor authentication. It works like a spy. Having penetrated its victim's device, the Trojan carefully hides and begins to monitor logins in mail applications, social networks and instant messengers. These are the trigger for its activation. As soon as the user launches the mail app or navigates to the mail service's address in the browser, the Trojan goes into action.
Is it possible to steal a two-factor authentication code
It creates a backdoor on the device and, as soon as the victim enters a login and password, the Trojan copies them and sends them to its creators. Then it waits for the SMS with the two-factor authentication code to arrive, and copies and forwards that too. As a result, the attackers who created the Trojan get the login, the password and the two-factor authentication code needed to confirm the login. But, worst of all, even if the victim senses something and decides to terminate all sessions, the scammers will be able to log in again by having an SMS with a verification code sent.
Think two-factor authentication is absolutely secure? Without common sense on your part, even that is meaningless
Why am I so confident in talking about Android if, in fact, the same thing could happen with any other OS? The fact is that, fortunately or unfortunately, this could not happen with any other OS. Smartphones on Windows or macOS don't exist. Smartphones on Linux, which are used by at least one and a half people, can be counted on the fingers of one hand. And on iOS this is basically impossible to imagine. No, well, just think: how could a Trojan get onto an iPhone? Clearly, it couldn't. The App Store will definitely not let it through, and the user will not be able to download software from outside the official store, even with a strong desire to do so.
Can Android users be protected from this? Undoubtedly, yes. No matter how bad Google Play is, it's better to download software from there and avoid alternative sources, especially ones you are hearing about for the first time. The fact is that Google's reviewers (yes, there are such people) are unlikely to allow such dangerous software to be published in the official catalog. And in third-party sources, as a rule, there is simply no one to check the software. As a result, all sorts of junk spreads precisely through them. So just be smarter and more circumspect, and no Trojans will threaten you.
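To make that advice checkable, here is an added example (not part of the original article and not Check Point's tooling): a small Python script that flags apps installed from outside Google Play that have been granted permission to read SMS, the capability the Trojan needs to steal one-time codes. The sample text is constructed to resemble the output of `adb shell pm list packages -i` and the permission lines of `adb shell dumpsys package`; the package names are hypothetical, and treating only `com.android.vending` as a trusted installer is an assumption.

```python
import re

# Permissions that let an app read incoming SMS, including one-time codes.
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
# Assumption: only Google Play's installer counts as a trusted source here.
TRUSTED_INSTALLERS = {"com.android.vending"}

# Constructed sample modelled on `adb shell pm list packages -i` output.
PM_LIST = """\
package:com.example.mail  installer=com.android.vending
package:com.example.flashlight  installer=null
package:com.example.game  installer=com.example.thirdpartystore
package:com.example.notes  installer=null
"""

# Constructed samples modelled on permission lines in `adb shell dumpsys package <name>`.
DUMPSYS = {
    "com.example.mail": "android.permission.INTERNET: granted=true\n",
    "com.example.flashlight": ("android.permission.INTERNET: granted=true\n"
        "android.permission.RECEIVE_SMS: granted=true, flags=[ USER_SET ]\n"),
    "com.example.game": "android.permission.READ_SMS: granted=false, flags=[ USER_SET ]\n",
    "com.example.notes": "android.permission.CAMERA: granted=true\n",
}

def parse_installers(pm_output):
    """Map package name -> installer (None when sideloaded or unknown)."""
    result = {}
    for m in re.finditer(r"^package:(\S+)\s+installer=(\S+)$", pm_output, re.M):
        result[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return result

def granted_permissions(dumpsys_output):
    """Return the set of permissions marked granted=true."""
    return set(re.findall(r"^\s*([\w.]+): granted=true", dumpsys_output, re.M))

def risky_packages(pm_output, dumpsys_by_pkg):
    """Packages from outside Google Play that can currently read SMS."""
    findings = []
    for pkg, installer in sorted(parse_installers(pm_output).items()):
        if installer in TRUSTED_INSTALLERS:
            continue
        sms = granted_permissions(dumpsys_by_pkg.get(pkg, "")) & SMS_PERMS
        if sms:
            findings.append((pkg, installer, sorted(sms)))
    return findings

if __name__ == "__main__":
    for pkg, installer, perms in risky_packages(PM_LIST, DUMPSYS):
        print(f"{pkg}: installer={installer}, can read SMS via {', '.join(perms)}")
```

An app that turns up in this list is not necessarily malicious, but a sideloaded flashlight or game that can read your SMS deserves a second look.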