Click to Skip Ad
Closing in...

Google won’t own up to a major security flaw, researcher says

Published Aug 31st, 2016 8:00PM EDT
Google Login Malware Vulnerability
Image: Shutterstock

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

A security researcher who hunts bugs for a living says that Google won’t acknowledge one of his findings. According to Aidan Woods, the way Google’s login pages are built would help an attacker either steal login information from unsuspecting users or convince them to install files which would appear to be downloading directly from Google.

DON’T MISS: Is the iPhone 7 going after DSLRs?

The tech giant told Woods that the issues do not qualify as bugs (and, therefore, for a payout) under its bug bounty program, so Woods went public with the information, hoping the issue would get the appropriate attention.

On his blog, Woods explains how an attacker could redirect a Google user to fake Google login page where the user could enter his or her credentials believing it’s the real thing.

One other attack would be to deliver a malware payload that would download to a user’s computer without the Google service page on the screen changing to suggest an action has been taken. The download could be malware that the user could install thinking it’s coming from Google.

Because of the way Google’s domain is built, an attacker could redirect users to properties where it’s relatively easy to upload files that could then be used for malware attacks. At least that’s how Woods described the entire thing.

Google, meanwhile, thinks this isn’t a vulnerability that hackers can use. A full email exchange between Woods and Google, as well as his elaborate explanation, is available at this link.

Chris Smith Senior Writer

Chris Smith has been covering consumer electronics ever since the iPhone revolutionized the industry in 2008. When he’s not writing about the most recent tech news for BGR, he brings his entertainment expertise to Marvel’s Cinematic Universe and other blockbuster franchises.

Outside of work, you’ll catch him streaming almost every new movie and TV show release as soon as it's available.