[ctvo]

I assumed it was T-Mobile after I wiped the phone and had the follow-up incident where a verification code via SMS was successfully verified.

I used an iPhone, Safari mobile, Google search engine.

[burna_aws_acct]

There's also this giant vulnerability with Apple Webkit, across all devices, that was patched 13 February 2022: https://9to5mac.com/2023/02/13/macos-13-2-1-webkit-security-....

[burna_aws_acct]

SMS in unencrypted, and Google SE has been compromised for much if not all of 2022. From what I can tell the issue persists. I officially reported it in December, and again in January, and again in February. Pretty wild, TBH. Think about the number of services that have Google SE and Ads integration. Makes me nauseous.

Did you happen to report to Apple and Google (for documentation)?

[ipython]

In what way is the google search engine compromised?

[burna_aws_acct]

Ways which I shared with Google, because it's a very serious privacy and security vulnerability.

We need more robust security integration to catch things before they are pushed to results. I understand latency will increase, and some ads revenue will decrease. But like, isn't it also cool to have a customer base that is better protected against egregious attacks, attacks that could be prevented? IMO, yes. It's called "stewardship."