
Google Login Page Bug Can Lead to Automatic Malware Download


vissha


Google declined to classify this as a security issue

 

Quote

British security researcher Aidan Woods discovered an issue on Google's login page that allows clever attackers to automatically download files on the user's computer when he presses the Sign In button.

 

The problem at the heart of this security issue is the fact that Google allows the "continue=[link]" as a parameter in the login page URL that tells the Google server where to redirect the user after authenticating.

 

Google has anticipated that this parameter might cause security issues, and has limited its usage only to google.com domains using the "*.google.com/*" rule, where * is a wildcard.

 

Attackers could host malware on Google Drive/Docs

 

Woods figured out that this meant that drive.google.com or docs.google.com links could be passed as valid "continue" parameters inside the login URL.

 

A clever attacker could upload malware to his Google Drive or Google Docs account, take the URL and hide it inside the official Google login link.

 

Users that would receive this link inside a spear-phishing email would most likely be tricked into thinking it's the real Google login URL.

 

When the user opens this page and logs in, a file is downloaded to the user's PC without any confirmation prompt as soon as the victim presses the Sign In button.

 

A cleverly named file such as "Login_Challenge.exe" or "Two-Factor-Authentication.exe" would trick less technical users into installing malware on their computers.

 

Google declined to fix the issue

 

Woods says that he attempted to notify Google's security team about the issue, but they closed all three of the bug reports he opened to let them know about the bug.

 

Below is a snippet from Google's final reply, but you can read the entire email exchange on Woods' blog.

 

Quote

“Thanks for your bug report and research to keep our users secure! We've investigated your submission and made the decision not to track it as a security bug. This report will unfortunately not be accepted for our VRP. Only first reports of technical security vulnerabilities that substantially affect the confidentiality or integrity of our users' data are in scope, and we feel the issue you mentioned does not meet that bar :(”

 

 

Source




What's funny is, if they say that and go fix it and then say they ended up finding a security issue and take credit for the find, it wouldn't surprise me.
