Gmail bug alert: Cybersecurity engineer discovers bug allowing spammers to bypass security check

Google rolled out a blue verified checkmark for Gmail accounts that acts as a safety standard, allowing users to differentiate between genuine and phishing emails. Scammers have nonetheless managed to bypass the security check, convincing Google that their account is real. Chris Plummer, a security architect at Dartmouth Health, has discovered a bug in Gmail that lets senders dupe Google’s authoritative stamp of approval, ultimately making end users believe that the email address is genuine.

In a Twitter thread, Plummer writes “There is most certainly a bug in Gmail being exploited by scammers to pull this off, so I submitted a bug which @google lazily closed as ‘won’t fix – intended behavior’. How is a scammer impersonating @UPS in such a convincing way ‘intended’.”

“The sender found a way to dupe @gmail’s authoritative stamp of approval, which end users are going to trust. This message went from a Facebook account, to a UK netblock, to O365, to me. Nothing about this is legit. Google just doesn’t want to deal with this report honestly,” he says.

Plummer reported his discovery to Google. The tech giant initially dismissed it as ‘intended behaviour’. But as the tweet went viral, Google acknowledged the error and said:

“After taking a closer look we realized that this indeed doesn’t seem like a generic SPF vulnerability. Thus we are reopening this and the appropriate team is taking a closer look at what is going on. We apologize again for the confusion and we understand our initial response might have been frustrating, thank you so much for pressing on for us to take a closer look at this! We’ll keep you posted with our assessment and the direction that this issue takes. Regards, Google Security Team”.

Plummer says that Google has listed the flaw as a ‘P1’ (top priority) fix, which is currently “in progress.”


Updated: 04 Jun 2023, 06:24 PM IST
