PoC works with Google, Yahoo and Microsoft email services

Jan 21, 2015 13:47 GMT

Names associated with accounts on Google, Yahoo and Microsoft’s email services can be revealed due to an issue present in Google Maps Engine and Drive cloud storage, a security researcher discovered.

This information is normally disclosed when someone sends an email, but that requires the sender to initiate a message exchange with an intended recipient.

Enter Gmail Account Full Name Revealer

However, Kevin McSheehan found a way to obtain the detail via Maps Engine, without having to receive an email from the target. To demonstrate the validity of his findings, he created a proof-of-concept (PoC) app that returns the name for an email account based only on the provided address.

McSheehan sent the details of his research to Google, but the team did not classify the issue as a security vulnerability.

The utility created by the researcher is called Gmail Account Full Name Revealer, and the code it relies on has been made open source. For those who want to try the app, there is a live PoC available.

Make sure to check out the permissions the web app asks for so that it can function properly; revoking access to the Gmail account can be done from the Google Account settings panel.

In a conversation with Google regarding the origin of the information, McSheehan said that “they’re either google account backup emails or you guys store a massive database of name/email data based on incoming/outgoing mail and/or contact lists and this is pulling from that.”

From what we’ve seen, the names represent the “send mail as” information provided by the user, as changing this string causes Gmail Account Full Name Revealer to display the updated detail.

Scammers may appreciate the finding more than Google

Even if this data may appear of little value, it is an asset for fraudsters, who can take advantage of the issue in Maps Engine and Drive to learn the names of potential victims.

They could use this to devise malicious emails that could pass as perfectly legitimate; and given that there are emails galore spilled into the public domain, they definitely have a great starting point.

In official email communication, companies use the name provided by the customer in order to eliminate suspicion of fraudulent messaging.

Since they don’t have the name of the potential victim, scammers use a vague salutation, which is often a hint that the email is a fraud.

McSheehan points out that the real name of the target will not be revealed with 100% accuracy because users may provide an alias; other times, a null result will be returned “but most of the time what you’ll end up with is either a user-set display name, or in most cases, the first and last name the target entered while signing up for the account.”
