Gmail Bug Would Have Allowed Attackers To Spoof Emails

One of the ways that might result in your online accounts getting compromised is to fall prey to scam emails. While it might be easy to recognize an email as being spam, sometimes when the attacker uses spoofing to trick users into believing it’s a legitimate email, that’s when the trouble begins.

You would think that platforms like Google’s Gmail would have safeguards against these types of things, but as it turns out that might not necessarily have been the case. This is thanks to security research Allison Husain who had discovered a bug that would have allowed attackers to send spoofed emails through Gmail.

This bug would have allowed the attacker to bypass certain security protocols like the Send Policy Framework and Domain-based Message Authentication , Reporting, and Conformance that would have otherwise protected users from such attacks. The good news is that Google has since fixed the bug, but it was noted that it took the company about 137 days to close it.

It is unclear if attackers might have taken advantage of the bug while it was still active, but to date there doesn’t appear to be any evidence of that happening, so while it took Google a while to close it, thankfully there weren’t any issues.

Tyler Lee
Categories: General
Tags: GMail, Google, Hack, Security