If you make use of Google Drive for your personal or business use you should be aware of a flaw that was recently discovered in the Mountain View-based technology giant’s cloud storage service. The new flaw makes you vulnerable to malware and spam attacks if you often access shared files on Google Drive.
The flaw, discovered by A. Nikoci and reported by the The Hacker News shows how Google Drive’s “manage versions” is ripe for being messed around by hackers. If you’re not aware, “manage versions” on Google Drive let’s one see and access all the older versions of a file that was hosted and shared by Google Drive. This feature is also used to replace an older version of the file with a new file without breaking its share link.
The problem lies in the fact that Google does not check the file type when you upload a new version. For instance, an image – a JPEG file – can be replaced with an executable file (.exe) with the “manage versions” feature. Surprisingly, when previewed online Google Drive won’t indicate newly made changes – in that it will show you a preview of the JPEG image – but when downloaded it will download the newer .exe file.
You can see the same in action in the video below in which Nikoci replaces an innocuous-looking PDF file with an executable file. As seen in the video, the preview still shows the older PDF but on downloading the file it downloads the new executable file that was replaced using the “manage versions” feature on Google Drive.
And as seen in the video, the same file when downloaded from a website on Google Chrome is labelled with a ‘dangerous’ warning sign.
Nikoci said he reported the loophole to Google but the issue was still unpatched as of August 22. We have reached out to Google for an update on the same but meanwhile, beware from downloading files from unknown Google Drive folders.
is obsessed with culture and tech, offering smart, spirited coverage of the products and innovations that shape our connected lives and the digital trends that keep us talking.
World news – CA – Google Drive Flaw Lets Hackers Easily Install Malware