Google Meet’s Open redirects can lead the user to a spoof website where they may become victims of phishing

Security researchers have recently pointed out a vulnerability in Google Meet URL redirection feature that can lead users to spoof domains and become victims of cybercrime.

Sean Wright, a cybersecurity researcher has mentioned in his blog that the problem arises during Google Meet sessions when users are redirected by Google to follow a URL. Google converts these URLs into Open Redirects that lead the user to another website. Now, this website is chosen by the person who developed that bridging link. When this link is posted in personal messages over Google Meet, they appear as a Google Meet link which eventually takes the users to their desired URL.

An example:

This is where things can get easier for the cybercriminals to lure the users using this URL and make them a target of a phishing attempt. They can ask the user to enter any information, and the user who would be under the impression that it is being asked by Google to let them continue their Google Meet session, would not even think about anything and will provide all the information to the phishers and hackers.

Sean Wright says that one reason the users act so naively is that they only look at the first part of the URL to judge whether a link is valid or not. Now, cybercriminals are also evolving with time and becoming really smart in their tactics. So, what they do is that they make the first part, or the beginning of a URL appear totally legitimate. For instance,

However, the domain name may contain some clues that the URL is fake, but before the users realize this or take time to think about it even, the majority of them already click through the link and are redirected to a fake Google login page.

Another thing that increases the risk of these users becoming a target of phishing is that users believe that the link that is being generated during a Google Meet session may require authentication at least. However, Google does not provide any two-factor authentication for this process and it is completely accessible by a simple click on the generated link.

The cybercriminals can use this vulnerability to mask the redirect URL and it can then be truncated, and this kind of attack is very difficult to detect as per Sean Wright.

Google does not take it as a major issue though. It believes that this argument is not right that the redirectors can help cyber criminals because the users may trust the mouse hover tooltip over a link without examining the address bar while the navigation is taking place. As per Google, these tooltips are not reliable security indicators. They can be flawed in different ways and that is why the company invests heavily into technology that can detect and alert the users about any suspicious activity.

Google understands that if the redirector link is not properly constructed, it can lead to serious consequences, but overall, the company is pretty confident that their Chrome browser’s Safe Browsing Site Status tool is very effective to prevent the users from going on suspicious sites.

Read next: Google announced to soon list COVID-19 vaccination locations in Google Search and Maps
Previous Post Next Post