Gmail用戶請小心!有外國安全研究人員發現,駭客可能透過Google Drive漏洞將惡意檔案寄至用戶信箱,甚至導致帳號遭入侵,而Gmail的安全警告機制在此情況下竟形同虛設。
根據《太陽報》報導,當郵件內附上Google Drive連結時,Gmail原本設置的多項安全檢查機制會出現明顯漏洞。研究人員伊爾卡希(Ben Ilkashi)指出,Gmail並未真正掃描Google Drive連結內的檔案內容,反而直接在郵件上標註「已通過Gmail掃描檢查(Scanned by Gmail)」,使得郵件順利送達用戶信箱。
通常Gmail無法確認檔案安全性時,會提醒用戶「我們無法掃描此檔案,請自行承擔下載風險」。然而在此次測試中,這類警告完全消失,使用者可能因此誤信檔案已獲驗證為安全,僅需點擊一次便會下載病毒或惡意程式。
Google已證實該漏洞確實存在。該公司表示,保護Google Workspace用戶安全始終是首要任務,並正在研擬解決方案。Google強調,Gmail與Google Drive平時仍會自動阻擋絕大多數惡意檔案,包括危險的可執行附件,以防其進入用戶信箱。
此項發現提醒使用者,即使郵件顯示已通過安全掃描,在點擊Google Drive連結前仍應保持謹慎,並避免從陌生寄件者下載檔案。
'%3e%3cpath%20d='M195.06%2051.1096L116.493%2038.7498C113.602%2038.2951%20110.821%2040.0467%20109.983%2042.848L99.4573%2078.0057L98.5717%2080.9652L94.4043%2094.8867L112.554%2091.5437L177.269%20112.754C180.395%20113.778%20183.75%20112.025%20184.693%20108.875L199.755%2058.5646C200.771%2055.1722%20198.561%2051.6612%20195.062%2051.1116L195.06%2051.1096Z'%20fill='%23B0DFFF'/%3e%3cpath%20d='M166.485%2077.1477C165.793%2079.4607%20167.106%2081.8963%20169.419%2082.5882C171.732%2083.2802%20174.167%2081.9675%20174.859%2079.6545C175.551%2077.3415%20174.238%2074.9059%20171.925%2074.2139C169.612%2073.522%20167.177%2074.8347%20166.485%2077.1477Z'%20fill='white'/%3e%3cpath%20d='M145.899%2070.9836C145.208%2073.2967%20146.52%2075.7322%20148.833%2076.4242C151.146%2077.1161%20153.582%2075.8034%20154.274%2073.4904C154.966%2071.1774%20153.653%2068.7418%20151.34%2068.0499C149.027%2067.358%20146.591%2068.6706%20145.899%2070.9836Z'%20fill='white'/%3e%3cpath%20d='M125.312%2064.8196C124.62%2067.1326%20125.932%2069.5682%20128.245%2070.2601C130.558%2070.952%20132.994%2069.6393%20133.686%2067.3263C134.378%2065.0133%20133.065%2062.5777%20130.752%2061.8858C128.439%2061.1939%20126.004%2062.5066%20125.312%2064.8196Z'%20fill='white'/%3e%3cpath%20d='M5.25804%200.00279501L74.4703%202.27626C77.0166%202.35929%2079.1082%204.3125%2079.3672%206.84692L82.6212%2038.6359L82.896%2041.3107L84.185%2053.8978L69.2097%2048.0718L10.3981%2055.6296C7.55918%2055.9954%204.97534%2053.9473%204.68473%2051.0985L0.0270836%205.61134C-0.287248%202.54315%202.17601%20-0.0980284%205.25804%200.00279501Z'%20fill='%230073B8'/%3e%3cpath%20d='M25.4393%2026.9418C25.6528%2029.0334%2024.1325%2030.9016%2022.041%2031.1151C19.9494%2031.3286%2018.0812%2029.8083%2017.8677%2027.7167C17.6541%2025.6251%2019.1744%2023.7569%2021.266%2023.5434C23.3576%2023.3299%2025.2258%2024.8502%2025.4393%2026.9418Z'%20fill='white'/%3e%3cpath%20d='M44.0521%2025.036C44.2656%2027.1276%2042.7453%2028.9958%2040.6537%2029.2093C38.5622%2029.4228%2036.694%2027.9026%2036.4804%2025.811C36.2669%2023.7194%2037.7872%2021.8512%2039.8788%2021.6377C41.9704%2021.4242%2043.8386%2022.9444%2044.0521%2025.036Z'%20fill='white'/%3e%3cpath%20d='M62.6668%2023.1303C62.8803%2025.2218%2061.3601%2027.09%2059.2685%2027.3036C57.1769%2027.5171%2055.3087%2025.9968%2055.0952%2023.9052C54.8817%2021.8136%2056.4019%2019.9454%2058.4935%2019.7319C60.5851%2019.5184%2062.4533%2021.0387%2062.6668%2023.1303Z'%20fill='white'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_926_14682'%3e%3crect%20width='200'%20height='113.047'%20fill='white'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
無任何留言,趕緊搶頭香!