Google Drive Vulnerability Allows Spearphishing Attacks


A serious vulnerability in Google Drive still awaits a fix. The vulnerability allows an adversary to conduct spearphishing attacks via maliciously crafted images.

Google Drive Vulnerability

Researcher A. Nikoci, primarily a system administrator, has found a serious vulnerability in Google Drive. Exploiting the vulnerability could have a serious impact on the affected Google Drive users.

As per the details he shared, the vulnerability affects the ‘manage versions’ feature of Google Drive. This feature is meant to let users upload new versions of an existing file without having to change the file extension, so that they can manage different versions at a time.

However, the glitch appeared because this functionality allowed anyone to upload a file with any extension as a new version of any existing file. This even allowed uploading malicious executables as new versions.

Google lets you change the file version without checking if it’s the same type. They did not even force the same extension.

Hence, it is highly likely that an attacker can trick users into downloading malicious attachments from given Google Drive links. Since Google Chrome trusts the Drive links, the victims won’t know about the malware inside the file unless they download it.
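The check that the article says is missing can be approximated on the defender's side by comparing each revision of a file with the name the file displays. The following is an added example, not code from the article, the researcher, or Google: it assumes revision metadata shaped like Drive API v3 revision records (`id`, `mimeType`, `originalFilename`), and the extension lists and sample records are constructed for illustration.

```python
from pathlib import PurePosixPath

# Assumed extension-to-MIME map and executable list; extend for your environment.
EXPECTED_MIME = {".jpg": "image/jpeg", ".jpeg": "image/jpeg",
                 ".png": "image/png", ".pdf": "application/pdf"}
EXECUTABLE_EXTS = {".exe", ".msi", ".scr", ".bat", ".cmd", ".vbs", ".ps1", ".jar"}


def _ext(name):
    return PurePosixPath(name or "").suffix.lower()


def _same_type(a, b):
    # .jpg and .jpeg count as the same type because they share a MIME type.
    return a == b or (a in EXPECTED_MIME and EXPECTED_MIME[a] == EXPECTED_MIME.get(b))


def audit_file(file_name, revisions):
    """Return (revision id, reasons) for revisions that do not match the file's name."""
    shown_ext = _ext(file_name)
    expected_mime = EXPECTED_MIME.get(shown_ext)
    findings = []
    for rev in revisions:
        reasons = []
        rev_ext = _ext(rev.get("originalFilename"))
        if rev_ext and not _same_type(rev_ext, shown_ext):
            reasons.append(f"uploaded as {rev_ext}, shown as {shown_ext}")
        mime = rev.get("mimeType")
        if expected_mime and mime and mime != expected_mime:
            reasons.append(f"mimeType {mime}, expected {expected_mime}")
        if rev_ext in EXECUTABLE_EXTS:
            reasons.append("executable extension")
        if reasons:
            findings.append((rev["id"], reasons))
    return findings


# Constructed sample metadata, not taken from a real Drive account.
SAMPLE_NAME = "holiday.jpg"
SAMPLE_REVISIONS = [
    {"id": "rev-1", "mimeType": "image/jpeg", "originalFilename": "holiday.jpg"},
    {"id": "rev-2", "mimeType": "image/jpeg", "originalFilename": "holiday.jpeg"},
    {"id": "rev-3", "mimeType": "application/x-msdownload", "originalFilename": "viewer.exe"},
]

if __name__ == "__main__":
    for rev_id, reasons in audit_file(SAMPLE_NAME, SAMPLE_REVISIONS):
        print(rev_id, "; ".join(reasons))
```
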

He has also demonstrated the exploit in the following videos.

No Patch From Google Yet

Alongside the ease of exploitation, the other thing that makes this bug serious trouble is the absence of a fix.

The researcher has confirmed that Google has left this bug unpatched despite knowing about it. (It remains unfixed at the time of writing this article.)

Hence, although no reports of active exploitation of the bug are known (as of the publication of this article), the bug needs an urgent fix, given that the exploit is now publicly known and that customers depend massively on Google Drive.


Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
