Vendredi, 05 Août 2011 03:45
Security Researchers Demonstrate Hacking Google’s Chrome OS
When Google first mentioned its Google Chrome OS software several years ago, one of the selling points was the promise that it would come with better built-in security compared to other operating systems. The Chrome OS has commercially been available for a few months now and security researchers have already figured out how to hack it. Two researchers told a crowd that they had used web-based hacker tricks to compromise the security of the Chrome OS at today’s Black Hat security conference. The Chrome OS is the software that powers the recently launched Chromebooks from a variety of vendors. The hacks gave the researchers the ability to access a user’s email, Google Docs, contacts, and Google Voice messages. If Google doesn’t patch the variety of flaws or if the researchers uncover more flaws, then hackers could have a field day accessing data on Chromebooks everywhere. Two researchers at White Hat Security’s Threat Research Center, Matt Johanson and Kyle Osborn, said in their talk that they had spent months doing research on the Chrome OS. They ended up finding a flaw in ScratchPad, which is a preinstalled extension to the Chrome OS that lets people take notes and save them to cloud-based Google Docs. On stage at the Black Hat security conference, the researchers showed both videos of the hacked documents and live demos as well. “You basically grab and download someone’s contacts like this,” Osborn said, demonstrating the deed on a big screen. A Google spokesman said the following in a statement regarding the demonstration: “This conversation is about the web, not Chrome OS. Chromebooks raise security protections on computing hardware to new levels. They are also better equipped to handle the web attacks that can affect browsers on any computing device, thanks in part to a carefully designed extensions model and the advanced security available through Chrome that many users and experts have embraced.” Google also recently published information about writing more secure extensions to the Chrome OS, and it explained why it thinks the Chrome OS is more secure. With Chromebooks, there is no data stored on the device and everything takes place essentially in the cloud and is accessible via the Chrome web browser. By attacking browsers with known exploits such as cross-site scripting, cross-site requests, and “clickjacking,” hackers can get around the Chrome OS’s security protections and access sensitive data. The researchers say they can do high-speed scans of intranets via the hack and can view active host Internet Protocol addresses (which let them figure out what websites you’re looking at). They say they also have the ability to take over a user’s Google account by stealing session cookies, which can contain user password data. The Chrome OS isn’t unique in having these types of vulnerabilities either, other OSes are also subject to similar attacks. Google was informed about the vulnerabilities and addresses some of them including the ScratchPad flaw, but the researchers mentioned some of the underlying weaknesses still remain. The demonstration is just a reminder that the shift toward cloud computing won’t resolve all the common security problems that today’s computers have. Authors:
Read 3703 times
Published in
News Technologique-Tech News
More in this category:
« Peek Inside the Lamborghini Factory
Could An SSD Be The Best Upgrade For Your Old PC? »
Last WebBuzz
-
WebBuzz du 24/11/2017: Pérou décoller comme superman-Peru Reverse bungee aka Superman Jump
Read 38383 times
-
WebBuzz du 22/11/2017: Une Femme Saoudienne fait du surf dans les rues-Saudi girl Car Surfing after heavy rains and flood in Saudi Arabia
Read 38674 times
-
WebBuzz du 20/11/2017: Maxi crach au grand prix GT à Macau-Huge pile up Crash 2017 Macau Grand Prix FIA GT World Cup
Read 33565 times
-
WebBuzz du 17/11/2017: Boston Dynamics fait le cirque avec ses robots-BD prepare to build a circus with his robots
Read 36329 times
-
WebBuzz du 16/11/2017: Une illusion d'optique féminine-a feminine optical illusion
Read 34379 times
-
WebBuzz du 14/11/2017: Roumanie un bus de police évite un tram de justesse-Close call between a tram and police's bus
Read 30945 times
-
WebBuzz du 13/11/2017: Arrivée fracassante d'un bateau sur les docks de San Diego-Whale Watching Boat Crashing Into San Diego Dock
Read 29167 times
-
WebBuzz du 08/11/2017: Créer des flammes de toutes les couleurs-How to make colourful flames
Read 29982 times
-
WebBuzz du 07/11/2017: Echec test du système de détection des piètons de la Volvo S60-Volvo S60 Pedestrian Detection System Test failed
Read 31350 times
-
WebBuzz du 03/11/2017: Slacker dans la forêt-slackline in the forest
Read 33812 times
Accusé de reception
bancaires
bilan
cheval
configuration
Confirmation de lecture
copie
copies
Dolibarr
duplicata
EDF
Excel
exim
facture
factures
Firefox
Google cloud print
hameçonnage
IE6
IE7
impression
informatique
itunes
java
linux
luxembourgeois
mac os
MAJ
micosoft
microsoft
Office
Outlook
phishing
quicktime
rappels
relances
seamonkey
serveurs
spécifique
Sécurité
Tentative
thunderbird
troie
utilisant
V322
Vista
Windows
Windows 7
XP/2000 : Activer le pavé numérique
établissements