Understanding Google My Business & Local Search
Google Maps and other Google Apps vulnerable to attack
In Friday’s InformationWeek there is an article detailing “bug that could let hackers use Google Maps to infiltrate Google, Google Mail, or Google Apps accounts“.
According to the article, a frame injection attack could be used to phish login credentials from Google users via Maps:
The Butler Group Adrian ‘pagvac’ Pastor, a security researcher with GNUCitizen.org, on Friday posted proof-of-concept code that can inject a third-party page — a fake login page in Pastor’s example — while the user’s browser address bar still displays the Google domain. This could dupe the user into entering login details.
“The beauty of frame injection attacks is that the attacker is able to impersonate a trusted entity without needing to bypass XSS/HTML filters or even break into the target server,” Pastor explained on the GNUCitizen site.
© Copyright 2024 - MIKE BLUMENTHAL, ALL RIGHT RESERVED.
Comments
4 Comments
A frame injection attack is not the way hackers have been hacking Google maps. Unfortunately it is so much easier than that. It’s a simple hole that Google is fully aware of that for some reason they refuse to close. I have proved this to myself over and over again, and I am about to write an article on the process in hopes they close the hole. Thanks, Robert
Hi Robert
I am not suggesting that they are. The article indicated that Maps was being used in an effort to phish a user name and pw. Not in an effort to hijack listings.
Mike
Thanks for posting this up – I’ll have to be more aware of this potential.
[…] Google Maps and other Google Apps vulnerable to attack […]
Comments for this post are closed.