Google: No significant security issues with Google Docs

Share this article:

Despite apparent security issues in Google Docs, the company is playing down the risks.

According to Ade Barkah, a Canadian information security consultant, Google Docs permits an image to be accessible – even after a documents that contains it is deleted or sharing has been turned off.

“That means anyone with access to the URL can view the image. If you've shared a document containing embedded images with someone, that person will always be able to view those images,” he wrote in a blog post. “Even after you've stopped sharing the document.”

Of course, Barkah wrote in his blog, a hacker must obtain the correct URL for the image to access it, but the issue is a lack of protection in Google Docs sharing.

“The end result is a potential privacy leak,” he wrote.

Another issue is that it is possible for viewers to access previous versions of images. That means that if a user placed an image in a document, then later makes changes to the image, the older version can still be viewed by requesting any former version from the URL.

A third problem is that a user who previously had access to a document and later was removed from its access list can regain access surreptitiously.

“Even if you unshare a document with a person, that person can in certain cases still access your document without your permission, a serious breach of privacy,” he wrote.

In a statement, a Google spokesperson said, "We take the security of our users' information very seriously and are investigating the concerns raised by the researcher. Based on the information we've received, we do not believe there are significant security issues with Google Docs. We will share more information as soon as it's available."

Share this article:

Next Article in News

Sign up to our newsletters

More in News

Latest Citadel trick allows RDP access after malware's removal

Latest Citadel trick allows RDP access after malware's ...

Trusteer, an IBM company, said the new Citadel configuration was detected this month.

Cryptoblocker variant emerges, encryption differs from CryptoLocker

Trend Micro has detected a variant of CryptoLocker in the wild that relies on the advanced encryption standard.

Jimmy John's sandwich chain investigating possible breach

Some financial institutions have indicated that credit cards recently used at Jimmy John's locations have been used to make fraudulent purchases.