Google Inc. (GOOG): More Privacy, Security Concerns?

Page 2 of 2

It seems that while Google Inc. (NASDAQ:GOOG) is compromising user privacy on one end in its dealings with app developers, it apparently has a opening in its security measures that could be exploited by hackers to hijack user accounts, according to a team of researchers. The team has apparently found a way to use application-specific passwords (ASPs) to bypass Google’s two-step login verification system for accounts.

The exploit works something like this – with those applications that don’t support two-step verification, users are required to create a separate ASP for each of those applications. Turns out, the researchers found that these ASPs could be used to access any Google service or property, even in a way that works around the two-step verification.

In describing the exploit, the researchers wrote, “… (G)iven nothing but a username, an ASP, and a single request to https://android.clients.google.com/auth, we can log into any Google web property without any login prompt (or 2-step verification).”

What do you think about Google Inc. (NASDAQ:GOOG) and its issues with privacy and security? We’d like your thoughts about these issues in the comments section below.

DISCLOSURE: I own no positions in any stock mentioned.

Please see these related GOOG articles:

Google Has the Right to be Forgotten

Searching for the King of Search

Google Tries on a New Hat

Page 2 of 2