Chrome OS vulnerabilities were revealed at Black Hat 2011 in Las Vegas by Matt Johansen, WhiteHat Security Team Lead, on the left, and Kyle Osborn, Application Security Specialist focusing on offensive security for WhiteHat Security.
LAS VEGAS--Google touts the Chrome OS as being free from traditional security concerns like malware, but it's still vulnerable to totally different types of attacks, two researchers from the firm WhiteHat Security told Black Hat attendees here today. The Chrome OS is unlike any other desktop system currently available, said Matt Johansen, WhiteHat Security's team lead. "It's more similar to mobile devices and apps, where to get more out of the device you're going to need to install extensions," he said. Unlike Apple, though, there's no review process, which in turn increases the security risk, said Kyle Osborn, an application security consultant focusing on offensive security for WhiteHat Security.
"We actually saw an extension in the Chrome Web Store called Cookie Stealer that did precisely that. But hey, it had the checkmark next to it that it was verified secure and safe," Johansen quipped.
When the Cr-48 demo notebook running Chrome OS first came out in December 2010, Google approached WhiteHat Security to find security risks in the OS. They quickly found a hole in the ScratchPad note-taking app, which could affect all Chrome OS users since it's one of the few pieces of software that come pre-installed. When you take notes with ScratchPad, it syncs the note to your Google Docs account. What most people didn't understand about Google Docs is that the person you share a document or folder with doesn't have to approve receiving it. It just automatically appears in your Docs.
This lack of structured permissions massively increased the risk of running an exploit, said Johansen, because it affects everybody, it has access to your Google log-in and there's no permissions wall to break through. The risk is even worse than that, said Osborn.
Because it has access to all sub-domains under Google.com, this could include your Voice or contacts account. "An exploit could export your entire contact list as a CSV," he said, simply because you were using a Google-written app.
WhiteHat Security created this malicious extension to test Chrome OS vulnerabilities. "This is a zero-click, or at max a one-click worm," said Johansen. He said that Google was quick to fix the exploit once his company notified them, but the larger point of open permissions left Chrome OS users vulnerable.
Along with permissions, he said that the very API list which allowed extension writers to create powerful tools also led to serious security risks. In the set of APIs that extensions have access to is the one for Tabs, which means that an exploit could easily gain access to your entire browsing session.
"Of course, your note-taking extension is going to have to talk to your Google Docs account, or your banking extension shall have to talk to your bank," Johansen said, and Osborn added that he's found extensions that have access to all Chrome APIs, including bookmarks, cookies, history, windows, and tabs. "There's no need to inject code into google.com if you have access to these APIs," he said. This affects mobile, too.
A new feature of the Android Market is that you can log in with your Google account and install programs [from the desktop to the phone]. "We can now force the install and download of any application that we want," said Osborn.
In a statement, a Google spokesperson responded: "This conversation is about the Web, not Chrome OS.
Chromebooks raise security protections on computing hardware to new levels."
When it comes to Chrome app-based threats, Osborn and Johansen are not looking for usual suspects, such as Microsoft Office exploits or buffer overflows. They're looking at things like e-mail notifiers, note-taking apps, and RSS readers, which have to have wide-open permissions to run properly. Basically, they said, they're looking at any extension that talks to a database, or any extension that takes input from and displays it to the user somewhere. Why worry about native code execution when cross-site scripting [attacks] gives hackers access to all. Exploit development is hard.
Although the program, app, or extension tells you when you install it which permissions it requires, the act of blocking those falls to the user. "Whose problem is it with these permissions? Is it Google's? The developer's?" Johansen asked the crowd. He added that Google has been responsive and open in talking with his company about these problems.
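The install-time permission list described above can be reviewed mechanically before an extension is approved for use. The following is an added example, not code from the article or from WhiteHat Security: it audits a parsed manifest.json for the permission names the article mentions (tabs, cookies, bookmarks, history) and for host patterns that cover every site or every sub-domain of a domain. The function names, the sample manifest and the example.test host are constructed for illustration.

```javascript
// Manifest permission names among the APIs the article lists as exposing browsing data.
const SENSITIVE_APIS = new Set(["tabs", "cookies", "bookmarks", "history"]);

// Classify a match pattern by how much of the web it covers; null if not a host pattern.
function classifyHost(pattern) {
  if (pattern === "<all_urls>") return "all-sites";
  const m = /^(\*|https?|file|ftp):\/\/([^/]*)\/.*$/.exec(pattern);
  if (!m) return null;
  if (m[2] === "*") return "all-sites";
  return m[2].startsWith("*.") ? "all-subdomains" : "single-host";
}

function auditManifest(manifest) {
  // Manifest V2 mixes host patterns into "permissions"; V3 moves them to "host_permissions".
  const entries = [...(manifest.permissions || []), ...(manifest.host_permissions || [])]
    .filter((e) => typeof e === "string");
  const findings = [];
  for (const entry of entries) {
    const scope = classifyHost(entry);
    if (SENSITIVE_APIS.has(entry)) findings.push({ entry, kind: "sensitive-api" });
    else if (scope === "all-sites" || scope === "all-subdomains") findings.push({ entry, kind: scope });
  }
  // Content scripts reach pages through their own "matches" lists, so check those too.
  for (const script of manifest.content_scripts || []) {
    for (const match of script.matches || []) {
      const scope = classifyHost(match);
      if (scope === "all-sites" || scope === "all-subdomains") {
        findings.push({ entry: match, kind: "content-script-" + scope });
      }
    }
  }
  return findings;
}

// Constructed sample manifest (hypothetical extension, not taken from the article).
const SAMPLE_MANIFEST = {
  name: "Example Notes",
  manifest_version: 2,
  permissions: ["tabs", "cookies", "notifications", "*://*.google.com/*", "https://docs.example.test/*"],
  content_scripts: [{ matches: ["<all_urls>"], js: ["content.js"] }],
};

for (const f of auditManifest(SAMPLE_MANIFEST)) console.log(`${f.kind}: ${f.entry}`);
```

A finding is a prompt for review, not proof of abuse: as the researchers note, a note-taking or mail-notifier extension may legitimately need some of these grants.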