• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Stellantis probes data breach linked to third-party provider

 | 

FBI alerts public to spoofed IC3 site used in fraud schemes

 | 

EU agency ENISA says ransomware attack behind airport disruptions

 | 

Researchers expose MalTerminal, an LLM-enabled malware pioneer

 | 

Beware: GitHub repos distributing Atomic Infostealer on macOS

 | 

ESET uncovers Gamaredon–Turla collaboration in Ukraine cyberattacks

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 63

 | 

Security Affairs newsletter Round 542 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

A cyberattack on Collins Aerospace disrupted operations at major European airports

 | 

Fortra addressed a maximum severity flaw in GoAnywhere MFT software

 | 

UK police arrested two teen Scattered Spider members linked to the 2024 attack on Transport for London

 | 

ShadowLeak: Radware Uncovers Zero-Click Attack on ChatGPT

 | 

SonicWall warns customers to reset credentials after MySonicWall backups were exposed

 | 

CVE-2025-10585 is the sixth actively exploited Chrome zero-day patched by Google in 2025

 | 

Jaguar Land Rover will extend its production halt into a third week following a cyberattack

 | 

China-linked APT41 targets government, think tanks, and academics tied to US-China trade and policy

 | 

Microsoft and Cloudflare teamed up to dismantle the RaccoonO365 phishing service

 | 

DoJ resentenced former BreachForums admin to three years in prison

 | 

Apple backports fix for actively exploited CVE-2025-43300

 | 

New supply chain attack hits npm registry, compromising 40+ packages

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Security
  • De-Anonymize Google Users with new Timing Attack

De-Anonymize Google Users with new Timing Attack

Pierluigi Paganini September 09, 2014

De-Anonymize Google Users with new Timing Attack is possible, it is also possible identify Tor users if they’re logged in to Google while using Tor browser.

De-anonymize Google users is the goal of different studies and a new research conducted by Andew Cantino, the vice president of engineering at Mavenlink, demonstrates that it is possible to demasking Google users with a Timing Attack under particular conditions.  In the past Cantino had been awarded a bug bounty from Google three times.

Google has confirmed the attack scenario, but told to Andrew Cantino it would not address the issue because the risk of exposure is ranked as low.

“the risk here is fairly low, both in terms of impact and difficulty of exploiting this against a large population, and we don’t have an effective solution”. said Google.

“I agree that this could be hard to fix, but it also could be used for very creepy purposes against targeted individuals,” “It goes to show how difficult it is to stay anonymous online.” commented Cantino.

Cantino provided the details of the attack in a blogpost, an attacker can target a user or an organization share a Google document with one or more email addresses, but taking care to uncheck the option whereby Google sends the recipient a notification.

“Now the attacking site can figure out when someone logged into any of the shared addresses visits their site.This is mostly useful for very targeted attacks, where an attacking site needs to behave differently based on who is viewing. This could be used for spear phishing, identification of government officials, demasking users of TOR, industrial mischief, etc.” said Cantino.

Using the technique explained by Cantino, a threat actor could track victims when they logged into a shared address visits the attacker’s site, the experts remarked that the techniques could be adopted in spear phishing attack or to de-anonymize Tor users if they’re logged in to Google while using the Tor browser.

The attacker can set up a malicious page that repeatedly instantiates an image whose source points at the URL of a Google Drive document. The time necessary to load the page will be greater if the document is not viewable. The onerror callback of the image is triggered in both cases, viewable or not viewable,  because the result isn’t an image, but the attacker can record the time from the image instantiation to triggering of the onerror.

 

 

de-anonymize Google users

 

Cantino revealed that during its tests the loading process took an average of 891ms when the document was available, meanwhile the loading time was 573ms when it was not. Of course, the time depends on the speed of the connection used, for this reason it makes sense to simultaneously test against a document that is always known to be inaccessible, then compare times with the probe document.

A bad actor could use the attack to try to identify a user who’s on Tor if it is logged into his Google account, or anyway to allow the attacker to target the attack on specific users view malicious content.

“What this sort of timing attack can allow is de-anonymizing of specifically targeted Google users as they browse the web.  If you control a website and want to know when a specific user with a specific Gmail address visits your site, you could use this technique to identify them, even without setting a cookie,”  “Imagine you want to build a page that behaves differently when a certain Google user views it, either because you’re conducting a spear phishing attack to gain their trust, or simply because you want to conclusively log that they visited your site.  You could silently share a document with this user, then determine when they visit a website you control.”Cantino said.

Pierluigi Paganini

(Security Affairs –  Google users, Tor)


facebook linkedin twitter

Google Google users Hacking phishing privacy spear phishing

you might also like

Pierluigi Paganini September 22, 2025
Stellantis probes data breach linked to third-party provider
Read more
Pierluigi Paganini September 22, 2025
EU agency ENISA says ransomware attack behind airport disruptions
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Stellantis probes data breach linked to third-party provider

    Data Breach / September 22, 2025

    FBI alerts public to spoofed IC3 site used in fraud schemes

    Cyber Crime / September 22, 2025

    EU agency ENISA says ransomware attack behind airport disruptions

    Security / September 22, 2025

    Researchers expose MalTerminal, an LLM-enabled malware pioneer

    Malware / September 22, 2025

    Beware: GitHub repos distributing Atomic Infostealer on macOS

    Malware / September 22, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT