Google Drive has a serious flaw that can let an attacker replace a malicious file to the legitimate file. This is by exploiting the Drive’s loose authentication process for a file, that’s being updated by the “manage versions” feature. Though there’s haven’t been any exploitations recorded yet, researcher warns for effective phishing campaigns using this flaw.
A Flaw in Google Drive Lets Attackers Inject Malwares
As per A. Nikoci, a system administrator who discovered this told to The Hacker News, Google Drive has a function called “manage versions“, where it will let users update files that are being shared among many without changing the link. The purpose of the feature is to easily update stuff without altering the sent sharing links to everyone.
But, here’s the flaw. This process from Drive won’t properly check the updates being received and would allow any type of file to be replaced if the user grants.
Thus, an image file of .png is supposed to get a .png update, but any other malware file could be pushed by attackers to penetrate. An executable (.exe) file is most likely to be replacing the legitimate files if the user is unaware.
And since the file is being shared to so many users (in case), it’ll be spreading to other users too. If the user updates the file on notification, download and installs to check, it will infect the system and act as a backdoor to spy and steal sensitive information. There’s a fault from Chrome too, from where the Google Drive is mostly accessed if not on phone.
Google Chrome blindly allows any file downloaded from the Drive as genuine, thus giving it safe access into the system. This may sometimes dunk the antivirus softwares too if Chrome considered it as safe.
Researcher says this could lead to a spear-phishing attack, in some cases. Though Google is made aware of this flaw, there isn’t any patch made to date.
More to read: