This bug, spotted by security researcher Yan Zhu, fraudeg. rerouting your personal address, which in itself can be quite problematic for security reasons.
Therefore, the young woman discovered a method to change her email address so that the sender displayed after sending appears as someone other than you. To see this defect, it will be enoughadd two extra quotes at the beginning and end of an email address.
I reported a gmail android bug that allowed me to spoof the sender email address. They said it’s not a security issue. ¯\_(ツ)_/¯
— yan⚠ (@bcrypt) 11 November 2015
Entering the options of the Gmail mobile app for Android, Yan Zhu managed to change his username and email address to something that looks more official and trustworthy. Here, Zhu then picks up Yan and then “”[email protected]””. For the researcher, the second double quotes will hide the original email address of the sender.
This bug was discovered last week and despite the risks that may be hijacked by official institutions, Google doesn’t seem to see the bug as a major threat. This can be explained by the new anti-spam filter integrated into Gmail, but if it can detect compromised email addresses, emails sent from addresses generated by this bug will not be detected by the filter at all.
While the integrity of our mailbox isn’t exactly threatened by the flaw discovered this summer, it’s still information that needs to be communicated to warn of potential situations. spammers it may refer to this error.
It remains strange that Google did not deign to react to Yan Zhu’s discovery, especially after the flaw was discovered in Chrome last week. This silence should not last long, more concrete statements are expected from the Mountain View company.