Google Gadget vulnerability discovered

Posted on Monday, Jul 28 2008 @ 07:30 CEST by Thomas De Maesschalck
Information Week writes security researchers have found a critical vulnerability in Google Gadgets:
"At the core of the talk is the concept of Gmalware, which is basically a malicious gadget," said Stracener. "The idea is that gadgets are supported by the gmodule domain and security architecture. And with the current security architecture, it doesn't protect individuals from malicious gadgets very well. Nor does it protect gadgets from one another."

Google (NSDQ: GOOG) Gadgets, said Stracener, are vulnerable to information theft, deceptive practices, content spoofing, and authentication issues.

A Google Gadget, for example, can log you into an account without your knowledge and monitor your Google Search queries, Stracener explained. It can also be made to attack another Google Gadget and steal information.

No malicious Google Gadgets have been spotted in the wild yet. Once details about the vulnerabilities emerge, however, that may change.

Google has been alerted to the researchers' findings but hasn't yet publicly acknowledged whether or not it sees a problem. The company did not respond to a request for comment.


About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.



Loading Comments