Gmail Bug Alert : साइबर सुरक्षा इंजीनियर ने स्पैमर्स को सुरक्षा जांच को बायपास करने की अनुमति देने वाले बग की खोज की

Read Time:1 Minute, 57 Second

Gmail Bug Alert : साइबर सुरक्षा इंजीनियर ने स्पैमर्स को सुरक्षा जांच को बायपास करने की अनुमति देने वाले बग की खोज की

Chris Plummer, a security architect at Dartmouth Health, has discovered a bug in Gmail meant to spoof Google’s official stamp of approval. Announcing the feature last month, Google said the blue check mark would help users and email security systems identify and stop spam. However, Plummer has found that the feature can easily be spoofed, fooling end users into believing that the email address is real. “The blue check mark is not actually verifying the email address,” Plummer said. “It’s just displaying the text that’s in the ‘From:’ header.”

Google has released a blue verified checkmark for Gmail accounts that serves as a security standard, allowing users to differentiate between genuine and phishing emails. Unfortunately, the scammers managed to get past the security check, convincing Google that their account was genuine. Chris Plummer, a security architect at Dartmouth Health, has discovered a bug in Gmail meant to spoof Google’s official stamp of approval, ultimately tricking end users into believing that the email address is real.

The sender found a way to spoof Gmail’s official stamp of approval that end users are going to rely on. This message went from a Facebook account to UK netblocks, O365, to me. There is nothing legal about it. Google doesn’t want to deal with this report honestly,” he says.

There is most certainly a bug in Gmail being exploited by scammers to pull this off, so I submitted a bug which @google lazily closed as “won’t fix – intended behavior”. How is a scammer impersonating @UPS in such a convincing way “intended”. pic.twitter.com/soMq7KraHm
— plum (@chrisplummer) June 1, 2023

Now, Plummer has reported his discovery to Google. The tech giant had initially dismissed their discovery as ‘intended behaviour’. But as soon as the tweet went viral, Google acknowledged the error and is now working on a fix.

After taking a closer look we realized that this might not be a typical SPF vulnerability. So we took the time to reopen it and investigate further with the appropriate team. We apologize again for the confusion and we understand that our initial response may have been disappointing. We will keep you informed of our assessment and direction of this issue. Thank you for pressing to take a closer look at this!

Google has listed the flaw as a ‘P1’ (highest priority) fix, and is currently “in progress.”