Google product manager of account security Jonathan Skelker, the author of the blog post, describes the process as follows:
‘Man in the middle’ (MITM) is hard to detect when an embedded browser framework (e.g., Chromium Embedded Framework — CEF) or another automation platform is being used for authentication. MITM intercepts the communications between a user and Google in real-time to gather the user’s credentials (including the second factor in some cases) and sign in. Because we can’t differentiate between a legitimate sign in and a MITM attack on these platforms, we will be blocking sign-ins from embedded browser frameworks starting in June. This is similar to the restriction on webview sign-ins announced in April 2016.
The post notes that developers need not worry too much about the change, because Google points to the following fix:
The solution for developers currently using CEF for authentication is the same: browser-based OAuth authentication. Aside from being secure, it also enables users to see the full URL of the page where they are entering their credentials, reinforcing good anti-phishing practices. If you are a developer with an app that requires access to Google Account data, switch to using browser-based OAuth authentication today.
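As an added illustration (not code from Google's post), this is roughly what the browser-based flow looks like for a desktop app: the app hands an authorization URL to the system browser and only ever receives a one-time code on a loopback redirect, never the user's password. The client ID, port, and `/callback` path are constructed placeholders, and the PKCE and `state` checks follow the usual native-app OAuth pattern rather than anything stated in the post.

```python
import base64, hashlib, hmac, secrets, webbrowser
from urllib.parse import urlencode, urlsplit, parse_qs

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"

def new_pkce_pair():
    """Return (verifier, challenge); only the SHA-256 challenge leaves the app."""
    verifier = secrets.token_urlsafe(64)
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return verifier, base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def build_auth_request(client_id, port, scope):
    """Build the URL to open in the user's own browser, plus the secrets to keep."""
    verifier, challenge = new_pkce_pair()
    state = secrets.token_urlsafe(32)                   # binds the redirect to this request
    redirect_uri = f"http://127.0.0.1:{port}/callback"  # loopback only, assumed path
    params = {
        "client_id": client_id, "redirect_uri": redirect_uri,
        "response_type": "code", "scope": scope, "state": state,
        "code_challenge": challenge, "code_challenge_method": "S256",
    }
    return {"url": AUTH_ENDPOINT + "?" + urlencode(params), "state": state,
            "verifier": verifier, "redirect_uri": redirect_uri}

def handle_redirect(callback_url, expected_state, redirect_uri):
    """Validate the loopback redirect and return the authorization code."""
    got, want = urlsplit(callback_url), urlsplit(redirect_uri)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("redirect arrived on an unexpected URI")
    query = parse_qs(got.query)
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response does not belong to this request")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in redirect")
    return code  # exchanged for tokens together with the PKCE verifier

if __name__ == "__main__":
    # Constructed client ID and port, for illustration only.
    req = build_auth_request("constructed-client-id.apps.example", 53682, "openid email")
    webbrowser.open(req["url"])  # the user sees the real accounts.google.com URL
```

The credentials are typed into the browser the user already trusts, so the app has nothing to intercept; a forged or replayed redirect fails the `state` check before any code is exchanged.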
It will be interesting to see how this change affects the prevalence of man-in-the-middle attacks in Google products. Regardless, it is nice to see Google taking more initiative with its security protocols as they have been embattled for quite some time (thanks to Play Store malware and other issues).
Featured image: Flickr/Carlos Luna