Flaws could undermine Google's focus on security of Chrome-powered devices. Since Google's Chrome operating system is built to be used connected to the web, users' files and work will mostly be saved in the cloud. Using Google Docs applications for example, automatically stores the work on Google's servers so you can access it from anywhere across a variety of devices.
Google believes this is the future of computing, and its Chrome OS is designed specifically for Cloud-based use. It also allows Google to talk up security, as your documents are stored and well protected in the Cloud, whereas if somebody were to steal your Chromebook, they won't find all of your files on your HDD like they will if they steal your notebook PC.
However, researchers at an independent security firm say that Chrome's reliance on web computing also makes it vulnerable in other ways. WhiteHat Security researcher Matt Johansen was paid $1,000 by Google for reporting a flaw in the Chrome OS note-taking application that he successfully exploited to hijack a Google Mail account.
Since then, Johansen has said he found the same basic flaw with many other applications (or extensions). "This is just the tip of the iceberg," he told Reuters. "This is just evolving around us. We can see this becoming a whole new field of malware."
Johansen says the key to for Chrome OS hacking is to somehow capture data that is being sent and received by the Chrome browser, to and from the Cloud. "I can get at your online banking or your FaceBook profile or your email as it is being loaded in the browser," he said.
"If I can exploit some kind of Web application to access that data, then I couldn't care less what is on the hard drive." Such snooping could be done by exploiting a vulnerability found in a Chrome extension, for example. Google has recently revealed plans to improve the screening of Chrome extensions to avoid security problems. "Chrome is trusting these extensions more than it would be trusting just another website," Johansen said, referring to how the operating system gives extensions sweeping rights to access data stored on the cloud.
Google believes this is the future of computing, and its Chrome OS is designed specifically for Cloud-based use. It also allows Google to talk up security, as your documents are stored and well protected in the Cloud, whereas if somebody were to steal your Chromebook, they won't find all of your files on your HDD like they will if they steal your notebook PC.
However, researchers at an independent security firm say that Chrome's reliance on web computing also makes it vulnerable in other ways. WhiteHat Security researcher Matt Johansen was paid $1,000 by Google for reporting a flaw in the Chrome OS note-taking application that he successfully exploited to hijack a Google Mail account.
Since then, Johansen has said he found the same basic flaw with many other applications (or extensions). "This is just the tip of the iceberg," he told Reuters. "This is just evolving around us. We can see this becoming a whole new field of malware."
Johansen says the key to for Chrome OS hacking is to somehow capture data that is being sent and received by the Chrome browser, to and from the Cloud. "I can get at your online banking or your FaceBook profile or your email as it is being loaded in the browser," he said.
"If I can exploit some kind of Web application to access that data, then I couldn't care less what is on the hard drive." Such snooping could be done by exploiting a vulnerability found in a Chrome extension, for example. Google has recently revealed plans to improve the screening of Chrome extensions to avoid security problems. "Chrome is trusting these extensions more than it would be trusting just another website," Johansen said, referring to how the operating system gives extensions sweeping rights to access data stored on the cloud.
LINK TO OUR HOME PAGE :
Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info.
Thank You !
-Team VOGH
If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You!
-Team VOGH
Categories:
vulnerablity