Google: No significant security issues with Google Docs

Share this article:

Despite apparent security issues in Google Docs, the company is playing down the risks.

According to Ade Barkah, a Canadian information security consultant, Google Docs permits an image to be accessible – even after a documents that contains it is deleted or sharing has been turned off.

“That means anyone with access to the URL can view the image. If you've shared a document containing embedded images with someone, that person will always be able to view those images,” he wrote in a blog post. “Even after you've stopped sharing the document.”

Of course, Barkah wrote in his blog, a hacker must obtain the correct URL for the image to access it, but the issue is a lack of protection in Google Docs sharing.

“The end result is a potential privacy leak,” he wrote.

Another issue is that it is possible for viewers to access previous versions of images. That means that if a user placed an image in a document, then later makes changes to the image, the older version can still be viewed by requesting any former version from the URL.

A third problem is that a user who previously had access to a document and later was removed from its access list can regain access surreptitiously.

“Even if you unshare a document with a person, that person can in certain cases still access your document without your permission, a serious breach of privacy,” he wrote.

In a statement, a Google spokesperson said, "We take the security of our users' information very seriously and are investigating the concerns raised by the researcher. Based on the information we've received, we do not believe there are significant security issues with Google Docs. We will share more information as soon as it's available."

Share this article:
close

Next Article in News

Sign up to our newsletters

More in News

In Cisco probe, misuse or compromise spotted on all firms' networks

In Cisco probe, misuse or compromise spotted on ...

Cisco analyzed the business networks of 30 multinational companies last year, and revealed the findings in its 2014 Annual Security Report.

Fareit trojan observed spreading Necurs, Zbot and CryptoLocker

The Necurs and Zbot trojans, as well as CryptoLocker ransomware, has been observed by researchers as being spread through another trojan, known as Fareit.

Post Heartbleed, tech giants join initiative to bolster open source

Post Heartbleed, tech giants join initiative to bolster ...

The newly formed Core Infrastructure Initiative, created to boost under-funded open source projects, will tackle OpenSSL first.