Tip Us Hey you, we are hiring! Join us if you are an author, developer or designer!

Google would block sign-in attempts through embedded pages

20 April 2019 2

Cyber crimes are widespread and there could only be a limited number of plugs that you could place in order to avoid them. As the technology is progressing, hackers have found their way through the systems, coming up with new innovative ideas to get pass through the cybersecurity precautions in place.

One of the most popular alternatives to login system is the one-time single sign-in solution from Google that allows a user to once enter their Gmail username and password and they could use the system username and password for all the website (that support this) to login without a hassle to enter user credentials each time they wish to log in.


Though unfortunately, hackers have found a way through this to capture user’s Gmail credentials and even the 2FA token. This happens when there is a login page embedded within another one acting as a relay or a middle man, thus capturing the Gmail data through Google single sign-in feature. This empowers the hackers to copy your cookies or to impersonate you easily. This method of phishing attack is called MITM (Man in the middle) technique.

To fix this, Google is now blocking sign-in attempts from embedded pages. This technique allows the hacker to capture the user credentials passing through the exchange of data packets. Though after this step taken by Google, it would be a great help to the web community considering how serious it’s drawbacks could be.

Have you ever gone through such a scenario before? Share your experience in the comment section below.


2

comments

Google would block sign-in attempts through embedded pages
Write a comment...
New products

Intel shares more details on 10th-gen laptop CPUs and makes them ready for PC makers

Rumors

Poco F2 exists! This alleged screen protector and a tip claim so

New products

MediaTek launches Helio G90 gaming-centric SoC for budget phones

Google

Google confirms Pixel 4 facial recognition and Motion Sense gestures