There are several types of malware that can affect our computers in the middle of 2019. Although the truth is that at the moment, among the formats that are being fought the most and establishing new measures by software developers, it is against ransomware and phishing, among others.
These two types of malicious code have become more than usual in the attacks that are carried out daily on devices around the world. So the different companies involved in all this, try to do everything on their part to, as much as possible to avoid it. This is the case of the giant Google, how could it be otherwise. So now just announced a new measure that will surely affect the majority. But at the same time will help us avoid the aforementioned phishing.
The new measure of Google
Actually what has been officially announced in the blog of the search giant, is that soon plans to block the identifications by measured credentials on their platforms. From the browsers integrated into the applications, all in order to fight in a more efficient way against the commented phishing.
And it is necessary to bear in mind that in these moments, the logins that we carry out from the browsers integrated in tools and platforms of third parties, are very prone to suffer the attacks of the type man in the middle. As we know, these browsers integrated into the applications are very useful when identifying us in an existing account of another service. For example, in the Gmail, all this to access the functions of the app.
Google will launch this measure to fight against phishing in June
However, at the same time that this external identification system is very convenient, they are also very easy to convert into channels for man in the middle phishing attacks. The main reason for all this is that Google itself can not differentiate between a legitimate session initiation. And an identity theft attempt through a browser integrated in an application. Hence the company has decided to block these logins coming from integrated browsers, everything from next June.
And is that possible attackers can exploit the integrated browsers, such as Chromium Embedded Framework or CEF. All this intercepting communications between the user and providers such as Google. This is just another method that allows them to steal login credentials that we introduce in these integrated browsers. Sometimes even with authentication details of multiple factors, all in real time.
Therefore, in recent months Google has been implementing new security measures related to the beginning of the session. This is in order to protect this sensitive data of users, as we have been seeing. At the same time in just a few months we will see the obligation to switch to Chrome, or Firefox, among other mobile browsers, when logging in to access a third-party application. Which although more uncomfortable, will guarantee security of the data entered.
Also published on Medium.