Google: No significant security issues with Google Docs

Share this article:

Despite apparent security issues in Google Docs, the company is playing down the risks.

According to Ade Barkah, a Canadian information security consultant, Google Docs permits an image to be accessible – even after a documents that contains it is deleted or sharing has been turned off.

“That means anyone with access to the URL can view the image. If you've shared a document containing embedded images with someone, that person will always be able to view those images,” he wrote in a blog post. “Even after you've stopped sharing the document.”

Of course, Barkah wrote in his blog, a hacker must obtain the correct URL for the image to access it, but the issue is a lack of protection in Google Docs sharing.

“The end result is a potential privacy leak,” he wrote.

Another issue is that it is possible for viewers to access previous versions of images. That means that if a user placed an image in a document, then later makes changes to the image, the older version can still be viewed by requesting any former version from the URL.

A third problem is that a user who previously had access to a document and later was removed from its access list can regain access surreptitiously.

“Even if you unshare a document with a person, that person can in certain cases still access your document without your permission, a serious breach of privacy,” he wrote.

In a statement, a Google spokesperson said, "We take the security of our users' information very seriously and are investigating the concerns raised by the researcher. Based on the information we've received, we do not believe there are significant security issues with Google Docs. We will share more information as soon as it's available."

Share this article:
You must be a registered member of SC Magazine to post a comment.
close

Next Article in News

Sign up to our newsletters

More in News

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.

Professor says Google search, not hacking, yielded medical info

Professor says Google search, not hacking, yielded medical ...

A professor of ethical hacking at City College San Francisco came forward to clarify that he did not demonstrate hacking a medical center's server in a class.

Syrian Malware Team makes use of enhanced BlackWorm RAT

Syrian Malware Team makes use of enhanced BlackWorm ...

FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.