Bug In Gmail App for Android Allows You To Send Emails Pretending To Be Someone Else

Bug in Gmail Android app allows anyone to send spoofed emails

The times when it was common change is the address of the sending mail to play ( or deceive ) the recipients are long gone , but there is a bug in the Gmail app for Android that facilitates the use of this technique and that seems to evade filters Google spam detection.
The email service that we use has always allowed the sender could spoof the email address from which allegedly was sent – what in other times made ​​fun send emails to friends in the name of “billgates@microsoft.com” or the like . But the problem was not its use as a joke between friends , but the potential for abuse to phishing, which made it difficult to detect fraudulent emails.
Quickly e-mail services have adapted to these “games”,validating the supposed shipping address actually coincided with the server from which was to be sent ; making these emails were sent directly to the spam folder , signalling the end of an era. One was that at last seems to be definitely over.

gmail-sign-google

Apparently there is a bug in the Gmail app for Android that lets you send emails with spoofed sender email . All that the user has to do is change your name to something like:

john ” “security@google.com”
(with the trick being the two quotes placed before the fake address)

Are those two quotes that the original bug in the Gmail app for Android , which makes the email is sent to the original email address hiding , and showing the email address you want. The most worrying is that these emails are not caught by Google as spam / phishing and reach the recipients to have been sent this email – this will hinder its detection and false emails ( advanced users will still be able to go peek at the headers email to prove their veracity, but this is not something that most users go to.

Oddly, for a company that usually likes to reward those who find bugs , this time Google merely reply that he did not consider this bug a security breach.

Tags