The flaw in Google Calendar came up back in 2017, when researchers from a private security firm revealed that over a billion users are not safe from hackers. Since then Google has still not taken any action to prevent hackers from breaching anyone’s privacy.
Hackers are sending phishing links to users via Google Calendar in Gmail. They take advantage of the new feature which allows one to send invites automatically to the users’ Gmail inbox directly, and notifies them. When users click on these unknown links they are actually giving hackers access to their personal information.
Earlier this month Google announced to fix malicious invites anonymously sent. Avinash Jain, a security researcher from India contacted Davey Winder (Forbes’ reporter), who worked to resolve this issue, and to ensure it stops. He told reporters that though he has been able to find loopholes, which means they can be resolved, however, there are bigger flows of information which still provides hackers a gateway to send such invitations. This has been reported in Forbes.
The flaw pointed out by Avinash is not in the codes but it is a mis-configuration matter combined with poor user visibility. For G Suite admins mitigation options are present, but they are not enabled by default.
In their reply to Winder, Google said,
“Google’s Terms of Service and Product policies prohibit the spreading of malicious content on our services, and we work diligently to prevent and proactively address abuse. Google offers security protections for users by warning them of known malicious URLs via Google Chrome’s Safe Browsing filters.”
Google thanked the consumers for their patience and assured that it will be reduced soon,
“We’re aware of the spam occurring in Calendar and are working diligently to resolve this issue. We’ll post updates to this thread as they become available. Learn how to report and remove spam. Thank you for your patience.”
The problem occurs when a user share calendar event publicly, those events can easily be found by searching on Google. Jake Moore, cyber-security specialist at ESET, says that “if companies choose to use Google for their business calendar events, those firms must consider providing adequate training to make sure their employees understand the risks around keeping their company data secure.”
Apple is reportedly preparing for a significant design overhaul with its iPhone 17 series, blending…
Karachi: A private school in Karachi has unveiled Pakistan’s first AI-powered teacher, a groundbreaking move…
Third-party apps have long been a staple of the Android ecosystem, but their appeal has…
ISLAMABAD: The Competition Commission of Pakistan (CCP) has completed its Phase-II review of Pakistan Telecommunication…
Xiaomi has shattered records by producing 100,000 vehicles in just 230 days. This is nearly…
OpenAI, in collaboration with nonprofit organization Common Sense Media, announced on Wednesday the launch of…