totalcaos writes: Attackers who control the [browser on the] PC of a user consuming Google services (Gmail, Google+, etc.) can surreptitiously push and activate apps on the user’s mobile device, bypassing SMS-based two-factor authentication (2FA) via the phone. “How Anywhere Computing Just Killed Your Phone-Based Two-Factor Authentication” is a paper that explains the wider issues of phone-based 2FA. Herbert Bos, professor of systems and security at Vrije Universiteit Amsterdam, who co-authored the mobile security paper with the two PhD students, disclosed the vulnerability to Google but they “still [refuse] to fix it.”
Original URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/SWNdQzK73Rw/academics-claim-google-android-2fa-is-breakable