If you make use of Google Drive for your personal or business use you should be aware of a flaw that was recently discovered in the Mountain View-based technology giant’s cloud storage service. The new flaw makes you vulnerable to malware and spam attacks if you often access shared files on Google Drive.

The flaw, discovered by A. Nikoci and reported by the The Hacker News shows how Google Drive’s “manage versions” is ripe for being messed around by hackers. If you’re not aware, “manage versions” on Google Drive let’s one see and access all the older versions of a file that was hosted and shared by Google Drive. This feature is also used to replace an older version of the file with a new file without breaking its share link.

The problem lies in the fact that Google does not check the file type when you upload a new version. For instance, an image – a JPEG file – can be replaced with an executable file (.exe) with the “manage versions” feature. Surprisingly, when previewed online Google Drive won’t indicate newly made changes – in that it will show you a preview of the JPEG image – but when downloaded it will download the newer .exe file.

You can see the same in action in the video below in which Nikoci replaces an innocuous-looking PDF file with an executable file. As seen in the video, the preview still shows the older PDF but on downloading the file it downloads the new executable file that was replaced using the “manage versions” feature on Google Drive.

And as seen in the video, the same file when downloaded from a website on Google Chrome is labelled with a ‘dangerous’ warning sign.

Nikoci said he reported the loophole to Google but the issue was still unpatched as of August 22. We have reached out to Google for an update on the same but meanwhile, beware from downloading files from unknown Google Drive folders.

is obsessed with culture and tech, offering smart, spirited coverage of the products and innovations that shape our connected lives and the digital trends that keep us talking.

Source: https://in.mashable.com/tech/16520/google-drive-flaw-lets-hackers-easily-install-malware

World news – CA – Google Drive Flaw Lets Hackers Easily Install Malware

En s’appuyant sur ses expertises dans les domaines du digital, des technologies et des process , CSS Engineering vous accompagne dans vos chantiers de transformation les plus ambitieux et vous aide à faire émerger de nouvelles idées, de nouvelles offres, de nouveaux modes de collaboration, de nouvelles manières de produire et de vendre.

CSS Engineering s’implique dans les projets de chaque client comme si c’était les siens. Nous croyons qu’une société de conseil devrait être plus que d’un conseiller. Nous nous mettons à la place de nos clients, pour aligner nos incitations à leurs objectifs, et collaborer pour débloquer le plein potentiel de leur entreprise. Cela établit des relations profondes et agréables.

Nos services:

  1. Création des sites web professionnels
  2. Hébergement web haute performance et illimité
  3. Vente et installation des caméras de vidéo surveillance
  4. Vente et installation des système de sécurité et d’alarme
  5. E-Marketing

Toutes nos réalisations ici https://www.css-engineering.com/en/works/

LEAVE A REPLY

Please enter your comment!
Please enter your name here