Google Drive has a serious flaw that can let an attacker replace a legitimate file with a malicious one. It works by exploiting Drive’s loose checking of a file that is being updated through the “manage versions” feature. Though no exploitation has been recorded yet, the researcher warns that the flaw could be used in effective phishing campaigns.
A Flaw in Google Drive Lets Attackers Inject Malware
As per A. Nikoci, a system administrator who discovered this told to The Hacker News
But here’s the flaw: Drive’s update process doesn’t properly check the file it receives, and would allow a file to be replaced with a file of any type if the user allows it.
Thus, a .png image file is supposed to receive a .png update, but attackers could push any other file, including malware, in its place. An executable (.exe) file is the most likely to replace the legitimate file if the user is unaware.
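A defender-side check for the mismatch described above, as an added example that is not from the original article or from Google: it compares the type implied by a shared file's name with the leading bytes of a newly downloaded version. The function names, the signature table and the sample bytes are constructed for illustration.

```python
import os

# Well-known leading signatures ("magic bytes") for a few common formats.
# "MZ" only marks a DOS/PE header start; a stricter check would also
# follow e_lfanew to the "PE\0\0" marker.
MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "pdf": b"%PDF-",
    "zip": b"PK\x03\x04",
    "exe": b"MZ",
}
ALIASES = {"jpeg": "jpg", "docx": "zip", "xlsx": "zip", "dll": "exe"}
EXECUTABLE = {"exe"}


def sniff(data):
    """Return the format whose signature prefixes data, or None."""
    for kind, sig in MAGIC.items():
        if data.startswith(sig):
            return kind
    return None


def expected_kind(name):
    """Map the extension shown to users onto a key of MAGIC where possible."""
    ext = os.path.splitext(name)[1].lstrip(".").lower()
    return ALIASES.get(ext, ext)


def check_version(display_name, new_content):
    """Classify a new revision as ok, mismatch, executable or unknown."""
    want = expected_kind(display_name)
    got = sniff(new_content)
    # Worst case from the article: executable bytes behind a harmless name.
    if got in EXECUTABLE and want not in EXECUTABLE:
        return "executable", f"{display_name}: content is {got}, name implies {want or 'nothing'}"
    if want in MAGIC:
        if got == want:
            return "ok", f"{display_name}: content matches {want}"
        return "mismatch", f"{display_name}: expected {want}, found {got}"
    if got is not None:
        return "mismatch", f"{display_name}: unrecognised name, content is {got}"
    return "unknown", f"{display_name}: no signature available for comparison"
```

Running a check like this on each new revision before opening it catches the .png-to-.exe swap regardless of what name the sharing interface displays.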
And since the file may be shared with many users, it will spread to those users too. If a user updates the file on notification, then downloads and installs it to check, it will infect the system and act as a backdoor to spy and steal sensitive information. There’s a fault in Chrome too, from where Google Drive is mostly accessed when not on a phone. Google Chrome blindly treats any file downloaded from Drive as genuine, thus giving it safe access into the system. This may sometimes fool antivirus software too, if Chrome considers the file safe.
The researcher says this could lead to spear-phishing attacks in some cases. Though Google has been made aware of this flaw, no patch has been released to date.
This post was last modified on August 24, 2020