Google Drive may not be as secure as you anticipate it to be. The Google benefit allegedly incorporates security vulnerability that might permit programmers to send noxious records that show up to look genuine. Google has been informed of the security issue, but it hasn't been fixed, however.
The flaw, discovered by A. Nikoci and reported by The Hacker News shows that the security bug is said to be the ‘manage versions’ highlight advertised by Google Drive that permits users to transfer and manage diverse versions of a file. The cloud capacity storage supposedly doesn’t check to see in case a record is of the same sort, or indeed implement the same expansion.
Read Now: Google updates its Android Auto wireless feature that will now run on Android 11
According to Nikoci, the ‘manage versions’ practically should allow users to update an older version of a file with a new version having the same file extension, however, this is not the case. An extract from Nikoci'sinterview with The Hacker News said, “the affected functionally allows users to upload a new version with any file extension for any existing file on the cloud storage, even with a malicious executable.”
The method is basic as demoed by Nikoci in three recordings. It begins with sharing an ordinary file using Google Drive. Clients can at that point transfer an unused version of that file through Manage Version. Here, Nikoci effectively transfers an infected version of that file. In doing so, Google doesn’t identify or distinguish on the off chance whether it's the same file or not. Anybody that has access to the link can download the infected file. Google lets you change the file version without checking if it’s the same type,” Nikoci claimed.
The approach can be utilized for spear phishing attacks that trap clients into compromising their frameworks. Spear phishing attacks are ones where users are inadvertently made to open files that have malware. It is usually used to collect personal information from targeted users. You might get a notice of a report upgrade and grab the file without realizing the danger.
Google had recently fixed a major security bug in Gmail and G Suite that was noticed four months ago. The fix happened within seven hours after it was made publicly accessible. It was also shortly after Google’s services suffered a global outage.
Nikoci said he notified Google about the issue, but that it was still unpatched as of August 22nd. For now, the prominent solutions might be to use antivirus software and be aware of Google Drive file update alerts, especially if you weren’t anticipating them.
Disclaimer: The news on the Website have been compiled from a variety of sources and cannot vouch for the veracity of the stories.
