Google Authenticator sync without end-to-end encryption

A new feature that synchronizes Google Authenticator with the cloud is under fire from privacy advocates, who claim that communication between the endpoint and the cloud is not encrypted and can be intercepted by attackers.

The sync was added by Google to help users create backups of their two-factor authentication codes in the cloud.


Researchers at Mysk analyzed the network traffic of the updated Google Authenticator and reported that "it turned out that the traffic is not end-to-end encrypted".

“Google just updated the 2FA Authenticator app and added a much-needed feature: the ability to sync between devices. TL;DR: Don't enable it”, Mysk explained in a tweet. "While syncing 2FA codes across devices is convenient, it comes at the expense of your privacy."

The researchers said that, given the lack of encryption, data leaks and attacks on Google accounts are very likely. A successful attack would give the attacker access to the two-factor authentication QR code that is used for generating one-time codes.

“Each 2FA QR code contains a seed, which is used to generate the one-time codes. If someone knows the seed, they can generate the same one-time passwords and bypass 2FA protections. So if there is ever a data breach or if someone gains access to your Google account, all 2FA seeds will be compromised”.

Paul Ducklin on the Naked Security blog of Sophos said that anyone who can Google your data will be able to access sensitive authentication data.

Mysk researchers recommend that users who are concerned about privacy disable the new sync feature in the Google Authenticator app.

In a tweet, Christian Brand, an identity and security product manager at Google, acknowledged the privacy concerns and said Google plans to make for the application.

iGuRu.gr The Best Technology Site in Greece


Written by giorgos
