Advertisment

Google + a gateway for malicious authors?

author-image
CIOL Bureau
Updated On
New Update

BANGALORE, INDIA: After Orkut, Buzz, now it is Google+. But the striking fact with  Google+ is that someone can add you on to their 'Circles' without your prior approval. So if someone receives a message saying ‘This is an invitation to Google+’, there is a big chance that the recipient is very happy about the invitation or perhaps out of curiosity will follow the link without checking its validity.

Advertisment

If the invitation is a malicious one, a user can end up on a fake Website and unless they notice something strange on the page, it is likely they would give up their data.

 

In an interview to CIOL, Tamas Rudnai, Security Researcher, Websense Security Labs, discusses some of the security threats that Google+ invites bring to Internet users.

Advertisment

Q: Is this a first-of-its-kind instance where social networking invites are being targeted?

Tamas Rudnai: Google+ is a very new social networking site and, as Google is very popular, the interest of a social networking option from them is highly anticipated. We have seen Facebook and Linkedin malicious invites before; however, with Google+ it is different. Who can try Google+ out is very limited.

Naturally people are curious, and some desperately want an invite enough to openly ask on other social networks or on their IM’s status message. For a malware author it makes it easy to target potential victims as there are many who would be eager to click on a (malicious and fake) invite without first checking the link.

Advertisment

Q: Considering the fact that India is among the top 3 countries that are signing on to G+, do you think the security of users (specially since India has an older OS PC base) is at risk on the "beta phase" social networking site?

Tamas Rudnai: Definitely. As another Google-owned social network, Orkut is very popular in India, we can expect this region is more open to switching over to Google+ instead of Facebook. The fact that it is currently in ‘beta’ presents risk for a few reasons; as the number of people who can try is limited the demand is higher for it — kind of status symbol that ‘I have it already’.

Further, not too many people know really how it looks like or behaves, so it is easier to setup a fake page that asks for Google passwords or other sensitive information without people noticing the difference.

Advertisment

Using these stolen passwords helps the criminals to gather contact lists from Google accounts and send invitations to all to further expand their contacts. Then these friends will think their friend sent the invite and they will be very happy to get one because of the above reasons. The criminals can also ask users to install a software.

Q: With G+ apps now available on Android and iOS devices, can this complicate the matter further in terms of security on mobile devices?

Tamas Rudnai: There is the possibility to see malicious Android apps which are either repacked ones or just truly fake apps. It is unlikely we will see these on the official Google market or Apple Store though.

Advertisment

Q: With Google's latest social networking still in beta phase, do you foresee further efforts from cybercriminals to exploit user interest in the site? What possible means can be deployed to exploit the site and its users?

Tamas Rudnai: Definitely. We expect pretty much the same activity as we can see on Facebook. Google makes it possible to include someone on a circle even if that person has not yet accepted the invitation. So, for example, I can setup an account and include many people in it and when I have enough just share a spam message… To some extent this is, on the face of it, a less secure way of communication compared with the Facebook counterpart.

Q: How exposed or vulnerable is user data if there's a security flaw loaded on a mobile device via an app or a social network's mobile site? Has any such incident occurred recently?

Tamas Rudnai: Most malicious Android apps do one or more of the following (not necessarily all):

1. Sending text/multimedia messages to premium numbers

2. Sending out IMEI/IMSI numbers allowing criminals to cloning their phones

3. Rooting the phone using vulnerabilities

4. Downloading other malicious apps from the attacker’s sites

Some use vulnerabilities to escalate root privileges on Android allowing the attacker to do virtually anything on the phone. This means it is quite possible to use the device for further malicious activities, steal contact lists, phone numbers, messages, location of the user (so they know when to break into their homes) etc.

tech-news