Researchers at security company ThreatFabric have found a new bug in Google's Authenticator app that allows hackers to copy the code generated by the app and log in to their target accounts.
Google Authenticator is a program that lets users sign in with single-use codes generated by the app instead of a password; in that sense it works like a dynamic password. However, the bug found in the app allows hackers to access the phone's display and take screenshots of the code generated by the app.
The bug appears to have affected Microsoft as well: the same issue was found in Microsoft's Authenticator app and allowed hackers to steal codes in the same way. Of course, in order to reach the code generated by these apps, hackers must first compromise the user's smartphone with a Trojan and then open the Google or Microsoft authenticator app.
They can then log in to the app, generate a one-time password for the accounts stored in it, and, using the bug, take a screenshot of the displayed page and code. With this code and the user's login details, they can then log in to the target person's account. Of course, Android gives developers the ability to block screenshots on specific screens.
This feature is known as "FLAG_SECURE". However, neither Google nor Microsoft appears to be taking advantage of it. According to the report, Google first released a patch in 2014 to solve this problem, but since 2017 the bug has been present in the app again and no action has been taken to fix it.
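One way an app developer applies the FLAG_SECURE mitigation described above, as an added Kotlin example that is not code from Google's or Microsoft's app; the activity class, layout name and dialog text are assumed:

```kotlin
import android.os.Bundle
import android.view.WindowManager
import androidx.appcompat.app.AlertDialog
import androidx.appcompat.app.AppCompatActivity

// Hypothetical activity that displays a one-time code (illustration only).
class CodeDisplayActivity : AppCompatActivity() {
    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        // Set FLAG_SECURE before the content is attached, so the window is
        // never capturable: screenshots, screen recording and the recents
        // thumbnail get a blank surface instead of the code.
        window.setFlags(
            WindowManager.LayoutParams.FLAG_SECURE,
            WindowManager.LayoutParams.FLAG_SECURE
        )
        setContentView(R.layout.activity_code_display) // layout name assumed
    }

    // The flag is per-Window, not per-app: a dialog that shows the code has
    // its own Window and must be flagged separately, or the code leaks there.
    fun showCodeDialog(code: String) {
        val dialog = AlertDialog.Builder(this)
            .setTitle("Your one-time code")
            .setMessage(code)
            .create()
        dialog.window?.setFlags(
            WindowManager.LayoutParams.FLAG_SECURE,
            WindowManager.LayoutParams.FLAG_SECURE
        )
        dialog.show()
    }
}
```

FLAG_SECURE stops the system screenshot and screen-capture paths; it does not help against malware that reads the code through other means, so it is a mitigation for this specific capture technique rather than a complete defence.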