Google Drive security flaw may let attackers send malicious files | Tech News

Google Drive security flaw may let attackers send malicious files

This Google Drive security flaw can allow attackers to add infected files inside ones that are already shared with users.

| Updated on: Aug 20 2022, 22:42 IST
Google Drive security flaw.
Google Drive security flaw.

Google Drive may not be as safe as you expect it to be. The Google service reportedly has a security vulnerability that could allow hackers to send malicious files that appear to look authentic. Google has been notified of the security issue but it hasn't been patched yet.

This was discovered by A. Nikoci, a system administrator who revealed the Google Drive security flaw to The Hacker News. The issue lies in Google Drive's “Manage Versions” feature that lets users upload new versions of different files. It essentially lets users restore “an earlier version of a file that wasn't created in Docs, Sheets, or Slides”.

You may be interested in

MobilesTablets Laptops
25% OFF
Google Pixel 128GB
  • Black
  • 4 GB RAM
  • 128 GB Storage
37% OFF
Google Pixel 7 Pro 5G
  • Obsidian
  • 12 GB RAM
  • 128 GB Storage
7% OFF
Google Pixel 7A
  • Charcoal
  • 8 GB RAM
  • 128 GB Storage
7% OFF
Google Pixel 7 5G
  • Obsidian
  • 8 GB RAM
  • 128 GB Storage

According to Nikoci, the flaw in this feature allows users to “upload a new version with any file extension for any existing file on the cloud storage, even with a malicious executable.” The process is pretty simple as demoed by Nikoci in three videos. It starts with sharing a normal file via Google Drive. Users can then upload a new version of that file through Manage Version. Here, Nikoci easily uploads an infected version of that file. In doing so, Google doesn't detect or identify if it's the same file type or not. Anyone having access to that link can download the infected file.

Also read
Looking for a smartphone? To check mobile finder click here.

ALSO READ: Gmail, Google Drive partially restored after suffering one of the longest outages

This security flaw comes at a time when people are using services like Google Drive the most. While its cloud storage has been in use, more people are using it now to share files online due to remote work. This kind of malware can lead to spear phishing attacks that aim to compromise a user's system.

Google had recently fixed a major security flaw in Gmail that was actually detected four months back. The fix came within seven hours after it was made publicly available. It was also shortly after Google's services suffered a global outage.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 25 Aug, 08:35 IST