3 Replies Latest reply on May 10, 2017 2:47 PM by Anonymous

    Google accounts are almost open for corrupted governments: a security bug and its resolution

    Anonymous

      Whenever the password of an account is forgotten or hacked, there are different ways to recover/renew the password. One of these ways is using the mobile phone number. In this method, the owner of the account that has registered a mobile phone number in the account, receives a code/key by SMS. Using this code, the password can be changed, and a complete access to the account is provided. Nonetheless, such a key is not very secure. This is because of the access of the corrupted governments to the mobile network contents, specifically the SMS.

      In the link below you can find a PDF file which I have provided to describe this security bug in detail as a real and schematic process. The resolution to this bug is also mentioned.

      https://drive.google.com/file/d/0B8AqjYFfBKw0MGFRTWduQWhRanM/view?usp=sharing