Bypassing Google’s Two-Factor Authentication
Attackers were once able to bypass Google's two-step verification to gain account control by capturing a user's application-specific password (ASP).
As Duo's security research team, Duo Labs is dedicated to disrupting, de-risking and democratizing complex security topics and sharing their innovations with the broader community. Learn more: duo.com/labs
157 Articles Found
Attackers were once able to bypass Google's two-step verification to gain account control by capturing a user's application-specific password (ASP).
X-Ray is Duo's mobile app that performs "vulnerability assessment" on Android devices. X-Ray can identify known, yet unpatched, vulnerabilities in the mobile platform itself that could be exploited.
Here’s an update on the ASLR capabilities as well as cover some of the other improvements in exploit mitigations present in Jelly Bean.
While Bouncer may be unable to catch sophisticated malware from knowledgeable adversaries currently, we're confident that Google will continue to improve and evolve its capabilities. We've been in touch with the Android security team and will be working with them to address some of the problems we've discovered.
Announcing the public launch of VPN Hunter, which discovers and classifies the virtual private networks (VPNs) & other remote access services of any organization.