In our new normal, Google Drive, Docs and G-Suite services have become our go to tools to easily share and collaborate on various Work from Home assignments. Most of us tend to trust it almost blindly when it comes to Google services.
Whether it is syncing in passwords or saving all our important files and photos on Google Drive and Google Photos, even the more sceptical ones of us feel safe around Google.Notably, in light of the on-going global health crisis, Google also announced to offer several of its paid services such as Google Meet for free.
But, just so you know as more and more people get on to these Google tools, they are also likely to bring in greater cyber risks. They are likely to become fitting venues for hackers to explore potential loopholes and targets. Particularly, cyber-security experts have also spotted an old undiscovered bug on the Google Drive too.
Google Drive feature that may facilitate Cyberattacks
The Hacker Newsreported that the recently spotted bug can allow attackers to switch original files with malicious ones. The news portal added in its report that the flaw was spotted by system administrator A. Nikoci. The administrator noted that the security flaw is caused by Google Drive’s inability to examine different versions of the same file. This Google Drive feature can enable hackers to secretly switch normal files with suspicious files containing malware.
However, Google fails to issue warnings or alerts in case of such an attack but just notes it as a potential update to the original file. Furthermore, as it updates the new version, it usually doesn’t check the file type against that of the original document either. Nikoci added that Google cloud service doesn’t even force users (attackers) to use the same extension.Consequently, it makes it easier for the cyber-attacks to go unnoticed.
In an exclusive video, Nikoci demonstrated how a legitimate file shared among a group of users can be replaced by a malicious file without raising any alarms. Notably, Google fails to alert users as they preview the malicious file online. But, when the file is downloaded into the system, it can then be controlled by the attacker to infect victim’s device.
The above Google Drive flaw makes the cloud service particularly a softer target for spear-phishing campaigns. These campaigns are already known to target popular cloud storage services. Furthermore, this is also particularly worrisome for employees and professionals who are currently relying on the Google Drive files more than ever due to the new WFH status. As they attempt to open their work related documents, they also risk installing malware into their mobile or computer unknowingly.
Precautions to protect against Google Drive Flaw
Experts suggest that users should beware of any unexpected changes and updates to their Google Drive files. They further add that in case of confusion, you should confirm with your colleagues or co-contributors before opening any files in the Google Drive.
It is also advisable to run a security check up on your own Google Account in case the changes cannot be ascertained. Furthermore, you may also want to consider integrating anti-malware suite for further protection against such cyberattacks.
The issue is said to have been already brought into notice of the tech giant. We are hoping to soon receive security upgrades against the tools’ flaw.
Also Read: Install The Best ‘App Locker’ Apps!