The security bug extends within Google’s implementation of a new internet rule it has been trying to sell called Accelerated Mobile Pages (AMP). Google has marketed AMP as a process of optimizing web pages for smartphones. Started in late 2015, AMP is intended to provide simpler versions of websites that can load quicker on the often slower data links and microprocessors used by mobile devices.
To further advance things up for smartphone users, Google preloads examples of AMP pages listed in search results so they can be immediately loaded if they are finally clicked. The only way this past loading of pages can be performed is to give the cached pages Google.com URLs.
Such pre-rendered AMP pages designed by Google show the generated domain at the top of the web page content area. But within a mobile web browser’s address bar at the very top of the screen, they nevertheless appear to be from Google’s website. Furthermore, the disclaimer telling where the page actually starts will disappear as the user scrolls down the page, while the Google address will not.
Russian hacktivist group Fancy Bear (also pointed to as APT28, Sofacy, and Strontium) has been using a flaw in Google’s caching of Accelerated Mobile Pages (AMP) to phish targets, Salon reports. To create matters worse, Google has been informed of the bug for almost a year but has refused to fix it. The vulnerability affects how Google delivers google.com URLs for AMP pages to its search users in an attempt to speed up mobile browsing. This presents Google products more vulnerable to phishing attacks.
Take your time to comment on this article.