#BugAlert: Attackers can use Google Drive to hack your system
What's the story
A major security flaw has been flagged in Googe Drive, an issue that could easily be used by a hacker to trick you into downloading malware or ransomware. The problem ties to a feature offered within the could storage service but it has not been patched by Google yet. Here's all you need to know about it.
Issue
Problem with 'managed versions' of Google Drive
Just recently, system administrator A Nikoci informed The Hacker News that Google Drive's "manage versions" feature, which lets you upload a new version of an already-uploaded file, enables a way to slip in malware. Basically, he said that the feature could be used to inject a malicious program as the latest version of a seemingly innocuous document or image.
Problem
Google does not check extension or file type
When this feature is used to upload a new malicious version of a file, Google does not even check if its the same file type or even the same extension; it just proceeds with the upload. Then, once the file is added, opening its link, which could be shared anywhere on the web, previews the original version but downloads the latest one (malware).
Concern
This could easily trick you into downloading malware
Such rigged links could easily be posted on public forums or sent to you via email to trick you into downloading a malicious program. Once this happens and the program is downloaded, it could be used by hackers to steal your information or spy on your activity. Notably, even Google Chrome does not detect these malicious downloads from Drive.
Action
No action taken yet
Google has been notified about the flaw but no action has been taken yet. The company has not even commented on the matter, which is pretty surprising given the seriousness of the bug. Hopefully, it takes the problem into notice and prevents this flaw by configuring"'manage versions" to work with the same file types or extensions as the original one.