Google fixes bug that could reveal users’ private phone numbers


A security researcher has discovered a bug that could be exploited to reveal the private recovery phone number of almost any Google account without alerting its owner, potentially exposing users to privacy and security risks.

Google confirmed that it fixed the bug after the researcher alerted the company in April.

The independent researcher, who goes by the handle brutecat and blogged their findings, told TechCrunch that they could obtain the recovery phone number of a Google account by exploiting a bug in the company’s account recovery feature.

The exploit relied on an “attack chain” of several steps, including one involving the target account and another that bypassed the anti-bot protection mechanism Google uses to prevent malicious spamming of password reset requests. Bypassing the rate limit in turn allowed the researcher to cycle through each permutation of the phone number and arrive at the correct digits.

By automating the attack chain with a script, the researcher said it was possible to brute-force a Google account owner’s recovery phone number in 20 minutes or less, depending on the length of the phone number.

To test this, TechCrunch set up a new Google account with a phone number that had never been used before, then provided brutecat with the email address of our new Google account.

Shortly afterwards, brutecat messaged back with the phone number that we had set.

“Bingo :),” said the researcher.

Revealing a private recovery phone number can expose Google accounts to targeted attacks. Identifying a private phone number associated with someone’s Google account could make it easier for skilled hackers to take control of that phone number through a SIM swap attack, for example. With control of that phone number, the attacker can reset the password of any account associated with it by generating password reset codes sent to that phone.

Given the potential risk, TechCrunch agreed to hold this story until the bug could be fixed.

“This issue has been fixed. We have always stressed the importance of working with the security research community through our program, and we want to thank the researcher for flagging it,” Google spokesperson Kimberly Samra told TechCrunch. “Researcher submissions like this are one of the many ways we can quickly resolve problems for the security of our users.”

Samra said the company has seen “no confirmed, direct links to exploits at this time.”

Google awarded brutecat $5,000 as a bounty for finding the bug.

https://www.youtube.com/watch?v=am3iplyz4sw


