Vulnerability in Gmail feature could expose users' data
Gmail is in the midst of a redesign drive involving addition of new features, but US officials are concerned about a vulnerability that could potentially expose personal data of the users. According to cyber security officials from the US Department of Homeland Security, the vulnerability, which can be exploited by cyber crooks, lies in Gmail's 'Confidential Email' feature, ironically. Here's more on it.
What exactly is the 'Confidential Email' feature?
For those unaware, Gmail's 'Confidential Email' feature gives recipients of such emails access to protected content sent by another Gmail user - these emails can't be forwarded, copied, downloaded or printed. Other features include timed-expiry or self-destructing emails, two-step authentication, and more.
The link in a 'Confidential Email' poses a threat
If you're a Gmail user using its official website on a browser, then a 'Confidential Email' shows its contents when you click it. However, if you're using third-party clients like Apple Mail or Outlook, or you're a non-Gmail user, confidential emails show up as links. It is precisely the link in such cases that poses the security threat that has DHS officials worried.
How information can be stolen via a Confidential Email
With the Gmail redesign, DHS officials are worried that scammers and cyber criminals could send out fake versions of confidential emails and trick third-party client-based users into clicking on a seemingly 'trustworthy' link and entering sensitive information - a practice called 'phishing'. DHS officials claim they have informed Google about the "potential emerging threat...for nefarious activity".
Google's statement on the potential security threat
"The tech giant is committed to protecting the security of users' personal information and hence, had created machine learning algorithms to detect potential phishing scams that cyber criminals carry out," said Google spokesperson Brooks Hocog.
