Moroccan Expert Finds “Unmonitored” Open Redirect Vulnerability in Google

Abdelmorite Eljoaydi is the one who discovered the security hole

By on February 15th, 2013 12:11 GMT

Moroccan security researcher Abdelmorite Eljoaydi, aka Jigsaw, has identified an open redirect vulnerability that affects Google.

The expert has told Softpedia that the vulnerability is different from other open redirect issues identified in Google services.

“The vulnerability that I have found recently is an unmonitored redirection,” Eljoaydi explained.

“The phisher in this case can handle the validation hash value and control the redirect to his website – which includes malware, scams, etc – and use it for bad purposes by doing a simple trace of his website on Google search engine and replacing the hash value after the parameter ‘&usg={Specified hash}’.”

He has found that an attacker can use the method to bypass Google’s security checks and take advantage of the site’s functionality because “the destination parameters can’t be avoided, and the supplied hash value is static for each website, and authorized for the user.”

“Every time phishing attempts have a more trustworthy appearance. And in this case we are face to face with what we call in the security world, [URL Redirection]. The important part is that when an attacker can control the redirect location, they can exploit it for nefarious purposes - usually this means spam or phishing attacks,” the researcher added.

Moreover, cybercriminals can resort to obfuscation techniques to ensure that the malicious links don’t raise any suspicion.

Eljoaydi has notified Google about his findings. However, the company believes that “the usability and security benefits of a well-implemented and carefully monitored URL redirector tend to outweigh the perceived risks.”

Google has been notified on several occasions about such vulnerabilities, but each time the response was pretty much the same.

Additional technical details of the vulnerability, the risks posed by it, and some suggestions on how the issue can be addressed are available here.
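
As an added illustration (not code from this article, the researcher, or Google), the Python example below contrasts a redirect token that is static for each destination, as the researcher describes for the ‘usg’ value, with one that is also bound to a session and an expiry time. The HMAC construction, key, session IDs, clock values and URL are assumptions constructed for the example; how Google computes ‘usg’ is not described on this page.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed secret, for this example only


def _mac(*parts: str) -> str:
    # Length-prefix each field so "a"+"bc" and "ab"+"c" cannot collide.
    msg = b"".join(len(p.encode()).to_bytes(4, "big") + p.encode() for p in parts)
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()


def sign_static(dest: str) -> str:
    """Weak: the token depends on the destination alone, so it never changes."""
    return _mac(dest)


def verify_static(dest: str, token: str) -> bool:
    return hmac.compare_digest(sign_static(dest), token)


def sign_bound(dest: str, session_id: str, expires: int) -> str:
    """Hardened: the token also covers who it was issued to and until when."""
    return _mac(dest, session_id, str(expires))


def verify_bound(dest: str, session_id: str, expires: int, token: str, now: int) -> bool:
    if now > expires:
        return False  # stale links are rejected before any comparison
    return hmac.compare_digest(sign_bound(dest, session_id, expires), token)


def demo() -> dict:
    dest = "https://example.test/landing"  # constructed destination
    issued, ttl = 1_000_000, 300           # constructed clock values, in seconds
    static_tok = sign_static(dest)
    bound_tok = sign_bound(dest, "session-A", issued + ttl)
    return {
        # The static check has no notion of visitor or time, so it always passes.
        "static_reused": verify_static(dest, static_tok),
        "bound_same_session": verify_bound(dest, "session-A", issued + ttl, bound_tok, issued + 10),
        "bound_other_session": verify_bound(dest, "session-B", issued + ttl, bound_tok, issued + 10),
        "bound_expired": verify_bound(dest, "session-A", issued + ttl, bound_tok, issued + 86_400),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```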
