As people who read techie news pages like Engadget and Slashdot already know, a somewhat serious security flaw in GMail has recently been uncovered. Specifically, when you are logged into GMail in one browser window or tab, any other site you visit can grab your entire contact list. Whether that is a serious leak or not is a matter of perspective. Certainly, it exposes all of your friends of even more spam than they already receive.
A site that wanted to be really sneaky could exploit this information in many ways. At the very least, it could be used to very easily identify many of the people who are visiting. Knowing someone’s contact list might help in the launching of phishing attacks. It could, for example, make it easier to work out what company someone works for. You could then find out who does their information technology and send spoofed emails that seem to come from the IT department, asking for passwords or other sensitive information.
If it is a site that contains content that many people would not want others to know that they view, it could grab the email addresses for people with the same last name as you and threaten to send them information on your surfing history. A less complicated ploy would be to use emails that seem to come from people who you know to get through spam filters. Because of email spoofing, it is very easy to make messages seem to be coming from someone else.
As someone with 1037 MB of data in my main GMail account – including 14,410 emails and more than 1500 instant message conversations – I am naturally very concerned about GMail security. There is tons of stuff in there that I would be profoundly opposed to seeing on a public search engine, as has already happened in at least one case with private GMail data.
Contrary to their own assertions, Google had analysed and indexed all e-mails processed through their mail service. Due to a mistake made by an administrator, a database of the highly secret project was mirrored onto the external index servers, and as a result, the private mails of thousands of GMail users could be accessed via the search front-end for at least one hour.
Clearly, it would be preferable if GMail started using durable encryption on their archived messages. This would both protect the messages from hostile outsiders and keep Google from doing anything undesirable with them. Even a passphrase based symmetric-key encryption system (perhaps based on AES) would be an improvement. I bet all the students at Arizona State University, which had turned to GMail to provide all their email services would feel likewise, if they knew.
[Update: 11:00pm] According to Engadget, this hole has been fixed. It’s good that it was dealt with so quickly, but there are still reasons to be concerned about GMail security in general.
[Update: 2 January 2007] The mainstream media has caught up with the story. CBC News: Teen exposes Google security flaw.
[Update: 18 July 2008] GMail just added a very useful ‘Activity on this account’ feature. It tells you (a) whether any other computers are logged into account and (b) when and where the last five logins took place from. This is excellent.