Google: No significant security issues with Google Docs

Share this article:

Despite apparent security issues in Google Docs, the company is playing down the risks.

According to Ade Barkah, a Canadian information security consultant, Google Docs permits an image to be accessible – even after a documents that contains it is deleted or sharing has been turned off.

“That means anyone with access to the URL can view the image. If you've shared a document containing embedded images with someone, that person will always be able to view those images,” he wrote in a blog post. “Even after you've stopped sharing the document.”

Of course, Barkah wrote in his blog, a hacker must obtain the correct URL for the image to access it, but the issue is a lack of protection in Google Docs sharing.

“The end result is a potential privacy leak,” he wrote.

Another issue is that it is possible for viewers to access previous versions of images. That means that if a user placed an image in a document, then later makes changes to the image, the older version can still be viewed by requesting any former version from the URL.

A third problem is that a user who previously had access to a document and later was removed from its access list can regain access surreptitiously.

“Even if you unshare a document with a person, that person can in certain cases still access your document without your permission, a serious breach of privacy,” he wrote.

In a statement, a Google spokesperson said, "We take the security of our users' information very seriously and are investigating the concerns raised by the researcher. Based on the information we've received, we do not believe there are significant security issues with Google Docs. We will share more information as soon as it's available."

Share this article:
You must be a registered member of SC Magazine to post a comment.
close

Next Article in News

Sign up to our newsletters

TOP COMMENTS

More in News

Adobe exploit used to spread Dyre credential stealer

Adobe exploit used to spread Dyre credential stealer

Users running vulnerable Adobe software could be in danger of having credentials for Bitcoin websites stolen.

Staples is investigating a potential issue involving credit card data

Staples is investigating a potential issue involving credit ...

The company said it is investigating a potential issue involving credit card data and that customers are not responsible for fraudulent activity on cards if an issue is discovered.

Skills set a priority over legacy prejudices, experts say

Skills set a priority over legacy prejudices, experts ...

Cybersecurity expert Winn Schwartau and Robert Clark, a cyber law attorney at the Army Cyber Institute, discussed issues around hiring in the information security industry.