If you have more than one email id, then it is ok with Google which does give the users an option of linking email addresses. Moreover, forwarding address option is also available in Google and it is possible to forward to any email. Pakistani students are known for their genius, recently a student named Ahmed Aftab who is the CEO at Security Fuss invented a technique as an expert hacker that astonished the world. He proved that Google’s methods are vulnerable to authentication or verification bypass.
In this case, the following points are very important for finding the problems.
1- Recipient’s Simple Mail Transfer Protocol (SMTP) is offline
2- The recipient has deactivated his email
3- If recipient does not exist
4- Recipient exists but has blocked us
Moreover, the procedure is as following:
- First, an attacker on the web tries to confirm that he owns a particular account say email@example.com
b. In return, an email is sent by Google to him at firstname.lastname@example.org for confirming the account.
c. email@example.com is not capable of receiving email so sender (attacker) receives the email
- The verification code is sent in this email
- Later on, the attacker takes that verification code and now he can confirm that he owns firstname.lastname@example.org.
The Reward Program by Google For Vulnerability
The Google Vulnerability Reward Program was started with a goal to find out the problems, issues and bugs in this system. This is what makes this system so weak, the web service of Google is vulnerable. The scope also develops the apps and extensions published on the iTunes. It is also published on the Google Play and Web store of Chrome.
The vulnerability of the reward program is calculated ina way that the bug has to reside in any one of the following categories:
- Cross-site scripting
2. Cross-site request forgery
3. Mixed-content scripts
4. Authentication or authorization flaws
5. Server-side code execution bugs
In the above-mentioned areas, the vulnerabilities are possible and any technical expert who has a deeper knowledge of hacking can find and explore these weaknesses for Google and let them know. That is why Pakistani guy was eligible for this reward.