Gmail bug alert: Cybersecurity engineer discovers bug allowing spammers to bypass security check
1 min read | 04 Jun 2023, 06:24 PM IST
Chris Plummer, a security architect at Dartmouth Health, has discovered a bug in Gmail that lets a sender dupe Google’s authoritative stamp of approval, ultimately making end users believe that the email address is genuine.
Google rolled out a blue verified checkmark for Gmail accounts that acts as a safety standard, allowing users to differentiate between genuine and phishing emails. Sadly, scammers have managed to bypass the security check, convincing Google that their account is real.
“The sender found a way to dupe @gmail’s authoritative stamp of approval, which end users are going to trust. This message went from a Facebook account, to a UK netblock, to O365, to me. Nothing about this is legit. Google just doesn’t want to deal with this report honestly,” he says.
Plummer reported his discovery to Google. The tech giant initially dismissed it as ‘intended behaviour’. But as the tweet went viral, Google acknowledged the error and said:
“After taking a closer look we realized that this indeed doesn't seem like a generic SPF vulnerability. Thus we are reopening this and the appropriate team is taking a closer look at what is going on. We apologize again for the confusion and we understand our initial response might have been frustrating, thank you so much for pressing on for us to take a closer look at this! We'll keep you posted with our assessment and the direction that this issue takes. Regards, Google Security Team”.
Plummer says that Google has listed the flaw as a ‘P1’ (top priority) fix, which is currently “in progress.”