Google has more power and pull on the web than you might think. This company, now one of the largest in the world, controls a significant majority of the internet’s ad power and revenue. Plus, it’s responsible for one of the largest communication platforms you can use today: Gmail.
Not only does Gmail give users more space than they could ever fill for emails and files, but it also offers a plethora of features that make sending and organizing messages even easier than before.
Because Gmail is so widely used, a security issue affecting the platform would threaten a wide swath of internet users. And that’s exactly what’s happened: an unusual bug in G Suite could’ve allowed emails sent via Gmail to be spoofed so that they appeared to come from any other sender on the platform.
We’ll show you how this bug works and how you can protect your account from dangerous threats like this one.
G Suite bug would’ve let hackers pretend to be any Gmail user
Google has patched a major security flaw within its G Suite family of applications, which includes Gmail, Google Meet and Google Docs, among other productivity software.
The bug, initially discovered by security researcher Allison Husain, involved a combination of back-end G Suite exploits that could allow hackers to manipulate email routing data to masquerade as any Gmail user. Were the issue to remain unpatched, Husain speculated it would be widely adopted by scammers using phishing campaigns.
To make matters worse, Gmail and G Suite’s built-in security features make it easy for spoofed emails to be properly authenticated, which means they wouldn’t easily be flagged as spam or malicious. This would’ve removed a major stumbling block for malicious actors.
Husain originally reported the issue to Google in April of this year, but Google apparently delayed patches past the 137-day disclosure deadline. Instead, it planned to fix the bug sometime in September.
But all that changed after Husain published her findings on her blog, along with proof-of-concept exploit code. The patches from Google were then released 7 hours later, and Google claimed it would be releasing more robust patches closer to its original timeline.
This story, just like many coming from the cybersecurity domain, proves just how valuable white-hat hackers and cybersecurity researchers are to building a safer internet.