Google Authenticator Weaknesses

Earlier this year, we submitted a bug to Google for the Google Authenticator app on Android. Basically, the bug we submitted is that the secret key (the private code that when combined with an accurate source of time creates the one-time-use codes for use with Google’s open-sourced two factor authentication) is stored in the clear on Android devices. Google’s response was that this was behaving by design, and that not the system controls around the filesystem are sufficient to protect this information.

We humbly disagree.

Rooted devices get around these system controls that protect these secret keys. So would any malware that performed a privilege escalation exploit. And most importantly, backups of the phone (using a tool such as Titanium Backup) contains these secret keys in the clear. (Note: Google’s built-in capability for backing up Android devices excludes this file from backups.)

In my opinion, you don’t want these secret keys to be that easy to obtain. The easy answer would be to ensure Google Authenticator encrypted its internal database. Unfortunately, more than 1/3 of Android devices in the marketplace are running Android 2.x or older, meaning they don’t have any ability for storage encryption. Newer devices have the capability, but it is up to the individual to enable it. (Unlike the iPhone, which since iOS4 has had encrypted storage available for apps to take advantage of.)

Again with some more innovation, Authy (see earlier post) always encrypts the secret keys in storage. As mentioned earlier, since many Android devices do not have native storage encryption, Authy had to devise their own method to do this encryption in storage. According to Authy:

Encryption is a simple AES-256 using certain parameters of your phone as a key and some secrets stored in the Authy Binary. This is not bullet-proof and we know it. A good determined attacker can break this encryption. But it was only designed to prevent someone getting access to your computer backups or simple malware stealing your data to get your keys, for that it works great.

Authy understood that this was an important fact to consider and did what was possible to help protect the information on phones. And most impressively, they realize that it is not bullet-proof. It is meant to improve the state of the art, and decrease the chance of a leak of anyone’s secret key.

I wish that Google had decided otherwise with their Authenticator app. In the meantime, consider me an Authy user.