Is it easy to access someone's Gmail account without having that alert pop up to warn the owner?

So, for example, with Gmail, if you log in somewhere different from your usual login, it alerts you that such and such IP address wants to access your email. How easy would it be to bypass that alert that goes to the owner and access someone's account? As in, is it a simple task to gain access to a Gmail account without having that alert pop up to the owner? Would it be easy for someone to be able to live monitor what you're doing on your screen at all times?

I ask because my Gmail has been accessed by someone unauthorized and I'm trying to figure out how it's being done.

mph85

1 Answer

One way this could be accomplished is by spoofing IP and MAC address information for the victim. You would build a website that phishes that information from them (could be a Google clone and harvest creds too), and then using tools like macspoof or ipspoof, assume their identity and from Google's eyes, their computer. This would potentially allow you to hijack a Google account without alerting the user to the compromise.

Edit:

Another potential attack vector is a rogue access point attack which ends up having the same outcome through a different methodology. A rogue access point is configured to decrypt SSL connections and extract plaintext credentials. Systems of this nature are widely available and easy to use. The Wi-Fi Pineapple is a prime example of this.

leaustinwile
  • Google also fingerprints the browser, as well. Might just be the cookies, but logging in while using Firefox after years of using Chrome on the same computer still triggers emails being sent. – Ghedipunk May 03 '19 at 21:55
  • See, I don't have that problem and I switch between work computers often, but I use Chrome on everything. Perhaps another thing that needs to be spoofed is user-agent, using match & replace in Burp Suite. – leaustinwile May 03 '19 at 21:57
  • Hmm, appreciate the answer, so my follow up would be, is what you're saying easy to do? I know the person who has accessed my Gmail without permission is not a tech type of person, but would it be a matter of just googling a few things and watching tutorials in order to figure out how to do this? It's either that or he's found someone that is able to do something like that – mph85 May 04 '19 at 00:34
  • No, it requires an SSL downgrade attack which has the constraints that you must be in a Man-in-the-Middle position in the network (on your Wi-Fi with ARP spoofing active). Have you considered that you may have used your credentials on their network/computer and they could've been saved in his browser cache? If you used them on his network, it's possible that since yours and his public IP would've been the same, that it didn't alert because of that. – leaustinwile May 04 '19 at 01:10
  • Upvote if it helped! – leaustinwile May 04 '19 at 01:30
  • IP spoofing for a TCP connection is a lot more difficult than you think, and there would be no need to spoof a MAC address. – AndrolGenhald May 04 '19 at 01:32
  • I upvoted, but my rep is below 15, so it won't show, appreciate the answers – mph85 May 04 '19 at 01:32
  • Hm, not sure, the only thing I can think of is, I left my desktop in our office and went out of town for a week. I should've taken it, but didn't think about it. Could he have taken my desktop and done something to it in order to gain access to my information? – mph85 May 04 '19 at 01:34
  • Like a keylogger or something? – mph85 May 04 '19 at 01:54
  • If he has direct access to your device, there are any number of ways he could've extracted your credentials. And @AndrolGenhald I use these TTPs every day at work, I work in adversarial simulation. MAC spoofing may or may not be necessary, but what I know about Google is that they use a lot of your device's information in order to form a pseudo-profile for your computer which is compared against previous usages. So MAC in fact may be necessary for this attack, but I can't be sure. – leaustinwile May 04 '19 at 01:56
  • Then I'm pretty sure he took my desktop and did something with it. Hmm, I don't have the desktop anymore but I know he has access to my accounts that are now deleted. It seems like every time I make a new one, someone mentions something about it. Is it possible that no matter how many accounts I make, if he has access to my network, then he'd be able to figure out what Gmail I'm using anyways? – mph85 May 04 '19 at 03:50
  • "Another potential attack vector is a rogue access point attack which ends up having the same outcome through a different methodology. A rogue access point is configured to decrypt SSL connections and extract plaintext credentials. Systems of this nature are widely available and easy to use. The Wi-Fi pineapple is a prime example of this." This whole paragraph was a lot of info that I have never heard before. Is this a matter of buying something, installing it and following prompts, and even someone like me could do this? – mph85 May 04 '19 at 04:12
  • Basically, the rogue access point is very easy to use once you purchase it, and if he has local access, all he needs is a recovery USB which you can build very easily to retrieve your credentials. – leaustinwile May 04 '19 at 08:10
  • OK, makes sense. Let's say for argument's sake that he did something like that and gained access to my Gmail and contents. I have since gotten rid of that email and have created new ones. It seems as though he is able to access those Gmail accounts too, for I am getting responses from people that are mentioning things within the contents of that newly made Gmail almost right away. Is something like having total access to my network possible to where, no matter what email I create, he is able to access it? – mph85 May 04 '19 at 20:27