Google to revamp security to fight political hacks

Gmail and YouTube icons on a smartphone screen

published 2 October 2017

Google is reportedly preparing a security update to protect against against cyber attacks and political hacking.

The update, dubbed the Advanced Protection Program, is expected to be rolled out next month and will offer new features for protecting its various software suites, according to Bloomberg, quoting two people familiar with Google's internal workings.

It's thought the new tool would effectively replace the need for two-factor authentication, and instead replace it with two physical keys. The update is reportedly aimed at senior company executives and political figures, those most at risk of being targeted by hackers.

Google's USB Security Key has been providing two-factor authentication since 2014, allowing users to plug a dongle into a machine to create tougher security measures across GSuite tools and websites.

According to the sources, the new security tools will continue to make use of the USB Security Key, but will also include a second physical key for added protection.

Google Docs users hit by phishing attack Donald Trump: Russia was likely behind DNC hack

It's unclear what specific functions the new update will bring, though the sources confirmed that the service will block third-party applications from accessing email and Google Drive accounts by default, and will receive regular updates to expand its capabilities.

During last year's US presidential election campaign, a high-profile hack on the Democratic National Committee led to the leak of email accounts belonging to senior Democratic party officials, including those belonging to Hillary Clinton's and Bernie Sanders' campaigns.

Google has been working to address vulnerabilities in its own platform. In May users were hit by a widespread Google Docs phishing scam which tricked users into clicking a link, granting a malicious third-party application access to address books and Gmail accounts.

Since then, Google has introduced AI-driven early warning mechanisms for phishing scams, click-time alerts for links contained inside emails, and new warning messages that notify users if an email recipient is outside their business network.

Google's latest tool is expected to arrive next month, however the company has yet to make any public announcement.

Picture: Bigstock

Dale Walker is a contributor specializing in cybersecurity, data protection, and IT regulations. He was the former managing editor at ITPro, as well as its sibling sites CloudPro and ChannelPro. He spent a number of years reporting for ITPro from numerous domestic and international events, including IBM, Red Hat, Google, and has been a regular reporter for Microsoft's various yearly showcases, including Ignite.