Google Authenticator update threatens users’ crypto assets

\n

In the new version of Google’s two-factor authentication (2FA) app, a cloud synchronization feature has been added, which could threaten user data security, according to SlowMist analysts.

\n\n\n\n

?SlowMist Security Alert?

Recently, @Google Authenticator iOS has launched version 4.0, which supports cloud synchronization. Users can synchronize the verification code generated by the authenticator to all Google accounts and devices, and can obtain the verification code at…

— SlowMist (@SlowMist_Team) April 25, 2023

\n\n\n\n

\”If you use this backup method, your email is at risk. After losing access to email, the 2FA verification code can be stolen, which carries enormous risks,\” the security team explained.

\n\n\n\n

In the fourth version of the app, users can synchronize the verification code with all Google accounts, and also recover it in case of loss of access.

\n\n\n\n

However this update opens a wide scope for scammers, as 2FA is no longer bound to a specific device. Thus, attackers can gain control over a hacked account from anywhere in the world.

\n\n\n\n

Previously, access could be restored only with a backup code, which was created during the initial setup of Google Authenticator.

\n\n\n\n

According to representatives of the corporation, the software update decision was made due to frequent user complaints about difficulties with authentication when losing a device.

\n\n\n\n

\”This update improves the functionality of protection against lockouts. Services can rely on users maintaining access to their accounts, which enhances both convenience and security,\” Google said.

\n\n\n\n

In April, users of MetaMask lost more than $10.5 million due to an unknown exploit. Developers noted that the problem affected all wallets, including hardware wallets or those generated for pre-sale Ethereum.