Google’s login bug, found by a British security researcher Aidan Woods in a blog post. This bug can allow a hacker to download any malware on the victim’s computer without his/her knowledge. This is triggered when the user wants to login to his/her account and clicks the Login button.
How this bug works?
The main problem is that the Google passes a parameter “continue=[URL]” to redirect the user after successful login to the specified “URL“.
For security measures Google secured this URL by restricting it to only belong to gooogle.com domains. This is done by defining a rule for the URL that is “*.google.com/*“. So when a user provides a URL that belongs to domain other than google.com, this rule does not allow it to proceed.
Google Drive and Google Docs Can be used to carry malware!
As all the domains other than google.com are restricted by the above mentioned rule. But there is another loop hole which can allow attackers to upload malware on victim’s computer. The loop hole is that the attacker can host the files containing malware on the Google Drive or Google Docs. As Google Drive and Google Docs are meant to be perfectly secure according to the rule defined, so they can be used for this purpose.
A hacker can upload the malware either on Google Drive or Google Docs and can put that link inside login page of Google. So when the victim clicks the Sign In button, he/she will be redirected to that malicious link and unwanted malware will be downloaded on his/her PC. If the file names are chosen smartly, the victim might install those file on his/her computer.
Google Login Bug Fixation Declined by Google!
Wood tried to convince Google to fix that bug, but they refused to consider it. In fact he opened 3 bug reports to Google and all the three were closed by Google.
Here is the last statement of Google, you can find more on Aidan Wood’s blog post
This report will unfortunately not be accepted for our VRP. Only first reports of technical security vulnerabilities that substantially affect the confidentiality or integrity of our users’ data are in scope, and we feel the issue you mentioned does not meet that bar 🙁
IMPORTANT! This information is only for Educational purposes, we will not be responsible for any misuse.
So we hope you like this useful information to aware you about your Google account security. Please provide your valuable feedback in the comment section.