Google 2FA Syncing Feature Could Put Your Privacy at Risk

Researchers find that the encryption of a users 2FA secrets are stripped after transportation to the cloud.

After a 13-year-long wait, Google Authenticator has added a 2FA account-sync feature that allows its users to back up their 2FA code sequences into the cloud, after which they can restore them back into a new device.
Though the process in which a user uploads their
2FA secrets
is encrypted,
researchers at Naked Security by Sophos
and iOS developers at Mysk reported that a users 2FA details were unencrypted inside Googles HTTPS network packets. Furthermore, there is no option in which a user can encrypt their upload using a passphrase prior to it leaving their device.
This is concerning due to the fact that once the encryption for the transportation of the data is removed after the upload has arrived, the data is available to Google and virtually anyone else who is in search of this information, including anyone with a search warrant.
While its possible that Google might address this security issue in the future, researchers at Mysk recommend using the app without the new syncing feature for now.
Although syncing 2FA secrets across devices is convenient, it comes at the expense of your privacy. Fortunately, Google Authenticator still offers the option to use the app without signing in or syncing secrets, said
Mysk researchers in a tweet
.

Last News
▸ Stopping cybercrime entails stopping the flow of easy money. ◂ Discovered: 26/12/2024 Category: security	▸ Early registration deadline for July show at Black Hat USA ends Friday. ◂ Discovered: 26/12/2024 Category: security	▸ Google requires vendors to disclose or fix zero-day bugs within 7 days. ◂ Discovered: 26/12/2024 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Google 2FA Syncing Feature Could Put Your Privacy at Risk