Google Drive security flaw may let attackers send malicious files

This Google Drive security flaw can allow attackers to add infected files inside ones that are already shared with users.

| Updated on: Aug 20 2022, 22:42 IST
Google Drive security flaw.
Google Drive security flaw.
Google Drive security flaw.
Google Drive security flaw.

Google Drive may not be as safe as you expect it to be. The Google service reportedly has a security vulnerability that could allow hackers to send malicious files that appear to look authentic. Google has been notified of the security issue but it hasn't been patched yet.

This was discovered by A. Nikoci, a system administrator who revealed the Google Drive security flaw to The Hacker News. The issue lies in Google Drive's “Manage Versions” feature that lets users upload new versions of different files. It essentially lets users restore “an earlier version of a file that wasn't created in Docs, Sheets, or Slides”.

According to Nikoci, the flaw in this feature allows users to “upload a new version with any file extension for any existing file on the cloud storage, even with a malicious executable.” The process is pretty simple as demoed by Nikoci in three videos. It starts with sharing a normal file via Google Drive. Users can then upload a new version of that file through Manage Version. Here, Nikoci easily uploads an infected version of that file. In doing so, Google doesn't detect or identify if it's the same file type or not. Anyone having access to that link can download the infected file.

ALSO READ: Gmail, Google Drive partially restored after suffering one of the longest outages

This security flaw comes at a time when people are using services like Google Drive the most. While its cloud storage has been in use, more people are using it now to share files online due to remote work. This kind of malware can lead to spear phishing attacks that aim to compromise a user's system.

Google had recently fixed a major security flaw in Gmail that was actually detected four months back. The fix came within seven hours after it was made publicly available. It was also shortly after Google's services suffered a global outage.

Follow HT Tech for the latest tech news and reviews , also keep up with us on Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 25 Aug, 08:35 IST
keep up with tech