
Thread: How your Gmail can get hacked

  1. #1
    Join Date
    Oct 2008
    Posts
    71

    How your Gmail can get hacked

    All those Gmail fans out there, here's an important piece of security news for you. A blogger, Brandon Partridge, on Geek Condition has reported that a security vulnerability in Gmail may allow an attacker to hack into Gmail users' accounts.

    What exactly it is

    According to the blog, the security vulnerability may allow an attacker to set up filters on users' email accounts without their knowledge.

    Web developer Partridge warned that an attacker can force unsuspecting Gmail users to create a malicious message filter without their knowledge.

    Through this, the attacker can hijack messages sent to the victim's Gmail account by redirecting specific messages into the trash and forwarding a copy to the attacker, or so Partridge claims.

    Victim can lose his domain

    In the post on Geek Condition, Brandon writes that the vulnerability has caused many people to lose their domain names registered through GoDaddy.com. GoDaddy is one of the largest domain name registrars and is the flagship company of The Go Daddy Group Inc.

    The security flaw in Gmail allows a hacker to forward GoDaddy account reset information by the victim without his/her knowledge or consent. This is done by creating a filter that forwards GoDaddy's 'change of password' mail to the hacker and deletes it from users' inbox.

    How hacker creates filters

    Wondering if it is possible to create a malicious filter without having access to a user's Gmail username and password? No, it is not. However, hackers can force users to create the filter without their knowledge.

    When a user creates a filter in a Gmail account, a request is sent to Google servers to get it cleared. The request is in the form of a URL with many variables that the browser doesn't display. However, the web browser Firefox and a plugin called Live HTTP Headers display exactly what variables are sent to Google servers.

    Through a process of elimination, the role of each variable can be ascertained. A particular variable is equivalent to the username, which is permanent. The other variable can be determined by tricking the user into visiting a web page that has malicious code. This malicious code steals the cookie from the user and creates an iframe with a URL containing the variables that authorise Gmail to create a filter for the user's account.

    Source : infotech.indiatimes

  2. #2
    Join Date
    Oct 2008
    Posts
    71

    Re: How your Gmail can get hacked

    How can you prevent it

    In order to prevent hackers from exploiting this loophole, frequently monitor your filters. In case you find something suspicious, report it immediately.

    Firefox users can download an extension called NoScript that helps prevent such hacks, suggests Brandon. And always remember, being cautious can help save you from many such attacks.

    Also, to avoid becoming a victim to such attacks, Gmail users should log out of their accounts when they are not in use, as well as avoid visiting websites you don't trust.

    How Google can help

    To avoid such vulnerabilities, Brandon says that Google needs to devise a mechanism which makes variables or the session authorisation key expire after each request rather than expiring after each session.

    Meanwhile, a Google spokesperson reportedly told media that the company was trying to contact Brandon for specifics on his proof of concept.

    The company representative said that Google is trying to reach the blogger making this claim for more details, but we haven't seen evidence that this would be specific to Gmail.
