January 18, 2021

M2FA software attack vectors

What are the possible attack vectors for software such as Authy, Google Authenticator, Microsoft Authenticator, etc?

​

-Pass the cooking, but that is also the case for U2F.

-Malware on the phone grab the picture, when one is scanning the QR code containing the private key of the M2F code.

-Malware stealing the private keys of the app, in the M2F on the phone. Is this possible? Can the malware read the contents of lets say, Google Authenticator, of their stored keys?

-Stealing the phone, of course.

-Acessing the cloud where automatically backups are generated. Authy, Microsoft Authenticator.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.