Google - Steven Andiloro| Security

On May 3, Google shut down one of the most sophisticated phishing attacks of all time, which infiltrated approximately one million Gmail accounts in just under an hour.

How is this possible, you might ask?

This particular phish impersonated a Google Docs request from a trusted contact, such as a family member, coworker, or spouse. By clicking on the request, users were redirected to a legitimate Google login page, where they were asked to provide their username and password, as well as authorize the use of the infected third-party extension, “Google Apps.”

By giving permission to this extension, it was feared that users had unwittingly given scammers access to their inboxes, passwords, and other personal information. However, Google concluded that, in spite of this lack of “thinking before clicking,” only users’ contact lists were made accessible to this phishing campaign — hence the rapid distribution of these faux Google Docs requests.

Aaron Higbee, chief technology officer at the phishing research company that analyzed data from the scam, commented, “The importance of this phish is not how it spread, but rather how it didn’t use malware or fake websites tricking users to give up their passwords. This phish worked because it tricked the user into granting permissions to a third-party application. This is the future of phishing, and every security technology vendor is ill-equipped to deal with it.”

Google took immediate action in resolving the scam. The company said in a statement that they have “disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again.”

In spite of these extensive and preventative security measures, users should remain vigilant and keep their eyes peeled for any copycat attacks — which they should immediately report as phishing within Gmail.

Those who have fallen victim to this scam are advised to log into their accounts, go to their Permissions page and revoke any access to fake Google services, such as “Google Docs” or the aforementioned “Google Apps.” From there, users ought to change their passwords and cleanse their Gmail accounts of any spam or phishing emails.

In today’s highly technologically advanced world, we are constantly stepping closer to a world similar to that of the Jetsons, full of self-driving cars and automated assistants. Probably one of the more sought-after pieces of tech has to be the smart house. A house that is connected to the Internet and can autonomously perform a variety of mundane tasks. And while there have been major breakthroughs in this field, one area that is constantly striving to advance itself is that of home security. And it appears as though Google has come up with new technology aimed to make your home even more secure.

According to a report from Digital Trends, Google has filed a patent for an incredibly advanced security system that would work completely autonomously, thus removing the need for any manual modification.

For example, currently, any home security system must be armed or unarmed manually, by any of the home’s occupants. And while there have been major improvements in making this process easier, such as remote arming through a Wi-Fi connection, the system still requires a human being to physically and manually arm it. Google’s newest security system is looking to fix that.

The patent, originally filed in December of 2014, was updated this past November. The patent describes a system that could monitor a house through the use of several inputs, then autonomously arm or disarm the security system. That being said, there are systems available that essentially accomplish the same goal, however Google’s system wants to include more inputs to increase its intelligence. These inputs include using the home occupants’ location through the use of smartphone tracking, motion sensor information, and collected data such as the average time that the house is vacant and full. The system will then analyze all of this data in order to make an intelligent decision on whether or not to arm the house.

In order for a system such as this to actually work, the house it monitors would have to be jam-packed with high-tech gadgetry, such as sensors, cameras, etc.

It is exciting to see where the future of home security systems is headed. Keep in mind that many companies file hundreds of patents, only to let them sit for years without any further development. Hopefully Google will move forward with this patent and bring us one step closer to a truly smart house.

Steven Andiloro is the owner of Professional Security Solutions, a security company in North Carolina servicing customers nationwide!

Tag: Google

Phishing For Trouble

Google’s New Home Security System