Does Gmail Have A Basic Security Design Flaw?

I am a heavy Gmail user who lives in China. So far my Gmail account has not been hacked (or at least as far as I can tell). Living in China and having read about the various intrusions into Gmail, I know to regularly check my account access and forwarding settings to ensure no unwanted changes have been made. As Google states in its official post about the recent attacks:

Through the strength of our cloud-based security and abuse detection systems*, we recently uncovered a campaign to collect user passwords, likely through phishing. This campaign, which appears to originate from Jinan, China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists.

The goal of this effort seems to have been to monitor the contents of these users’ emails, with the perpetrators apparently using stolen passwords to change peoples’ forwarding and delegation settings. (Gmail enables you to forward your emails automatically, as well as grant others access to your account.)

These latest attacks highlight a basic flaw in the design of these Gmail features. Yes, two-factor authentication makes it much harder for a bad actor to steal your password and access your account. But as "How a Malicious Adobe Flash File Caused the China Gmail Hack [VIDEO]" apparently shows, hackers can exploit security holes in other programs to make changes in your Gmail account access and forwarding settings even if they do not have your Gmail password.

Google and Gmail users should assume that hackers will always try to crack Gmail, and that some will be successful.

Google must alter the processes for changing account access and forwarding settings. If you want to grant access to another account or allow forwarding, Google should force a double confirmation, either by sending an email to your secondary email account or by requiring two-factor authentication (or some variant of it), before those changes to your settings take effect. Google should also send your account (and your secondary account if you have one) a message informing you when changes to either of these two settings have been made. That message should stay at the top of your inbox and not be deletable for some period of time, to ensure that you, and not just a bad guy with access to your inbox, see it. If you didn't make those changes, you will learn quickly that there is a bad guy in your mailbox.
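The flow proposed above, sketched as an added example (this is not Google's code or anything from the original post): a forwarding or delegation change is only staged until a one-time token delivered over a second channel is presented, and each notice refuses deletion during a hold period. The class, the setting names, the 15-minute token lifetime and the 7-day hold are all assumptions chosen for illustration.

```python
import hashlib
import secrets

SENSITIVE = {"forward_to", "delegate"}   # settings the post wants gated (names assumed)
TOKEN_TTL = 15 * 60                      # assumed token lifetime, in seconds
HOLD_SECONDS = 7 * 24 * 3600             # assumed hold; the post says "some period of time"


class Account:
    def __init__(self):
        self.settings = {name: None for name in SENSITIVE}
        self.pending = {}    # sha256(token) -> (setting, value, expires_at)
        self.notices = []    # each: {"text": ..., "locked_until": ...}

    def _notify(self, text, now):
        # A real service would also copy this notice to the secondary address.
        self.notices.append({"text": text, "locked_until": now + HOLD_SECONDS})

    def request_change(self, setting, value, now):
        """Stage a change and return the token to send over the second channel."""
        if setting not in SENSITIVE:
            raise ValueError(f"not a gated setting: {setting}")
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.pending[digest] = (setting, value, now + TOKEN_TTL)
        self._notify(f"Requested: {setting} -> {value}", now)
        return token

    def confirm(self, token, now):
        """Apply a staged change only for a valid, unexpired, unused token."""
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.pending.pop(digest, None)   # pop makes the token single-use
        if entry is None or now > entry[2]:
            return False
        self.settings[entry[0]] = entry[1]
        self._notify(f"Applied: {entry[0]} -> {entry[1]}", now)
        return True

    def delete_notice(self, index, now):
        """Refuse deletion while the notice is still inside its hold period."""
        if now < self.notices[index]["locked_until"]:
            return False
        del self.notices[index]
        return True


if __name__ == "__main__":
    acct = Account()   # constructed sample data below
    tok = acct.request_change("forward_to", "someone@example.net", now=0)
    print(acct.settings["forward_to"], acct.confirm(tok, now=60), acct.settings["forward_to"])
```

Only the hash of the token is stored, so someone who can read the account's state but not the second channel cannot complete the change.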

No email system can ever be secure, and Gmail is probably the most secure one out there. But it is still not secure enough.


  • Dadanada

    My Yahoo account was hacked by somebody in Macedonia and they sent virus-containing email to all my contacts. Gmail has better security because they will freeze your account if they think someone is trying to break in. Problem is that any complex software presents numerous possibilities for exploitation by bad guys – this is what happened to MSFT Windows and now it's happening to Google. Not really their fault – the browser and its plugins like Adobe Flash are the problem. Need to revise the security model of the whole browser ecosystem – force the browser to only communicate with the web site shown in the address bar – but businesses don't want to do that because it will break so many web business models.