Google: No significant security issues with Google Docs

Share this article:

Despite apparent security issues in Google Docs, the company is playing down the risks.

According to Ade Barkah, a Canadian information security consultant, Google Docs permits an image to be accessible – even after a documents that contains it is deleted or sharing has been turned off.

“That means anyone with access to the URL can view the image. If you've shared a document containing embedded images with someone, that person will always be able to view those images,” he wrote in a blog post. “Even after you've stopped sharing the document.”

Of course, Barkah wrote in his blog, a hacker must obtain the correct URL for the image to access it, but the issue is a lack of protection in Google Docs sharing.

“The end result is a potential privacy leak,” he wrote.

Another issue is that it is possible for viewers to access previous versions of images. That means that if a user placed an image in a document, then later makes changes to the image, the older version can still be viewed by requesting any former version from the URL.

A third problem is that a user who previously had access to a document and later was removed from its access list can regain access surreptitiously.

“Even if you unshare a document with a person, that person can in certain cases still access your document without your permission, a serious breach of privacy,” he wrote.

In a statement, a Google spokesperson said, "We take the security of our users' information very seriously and are investigating the concerns raised by the researcher. Based on the information we've received, we do not believe there are significant security issues with Google Docs. We will share more information as soon as it's available."

Share this article:
You must be a registered member of SC Magazine to post a comment.
close

Next Article in News

Sign up to our newsletters

TOP COMMENTS

More in News

ISSA tackles workforce gap with career lifecycle program

ISSA tackles workforce gap with career lifecycle program ...

On Thursday, the group launched its Cybersecurity Career Lifecycle (CSCL) program.

Amplification DDoS attacks most popular, according to Symantec

Amplification DDoS attacks most popular, according to Symantec

The company noted in a whitepaper released on Tuesday that Domain Name Server amplification attacks have increased 183 percent between January and August.

Court shutters NY co. selling security software with "no value"

A federal court shut down Pairsys at the request of the Federal Trade Commission.