fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Google Docs Bug Allowed Cyber-spies To Screenshot Private Documents

Google Docs Bug Allowed Cyber-spies To Screenshot Private Documents

A security vulnerability in Google Docs allowed malicious hackers to take screenshots of private documents, a security researcher has found.

Reported by Sreeram KL under the Google Vulnerability Reward Program, the bug arises from a misconfiguration in the popular online word processor.

Stealing the screenshot

Many Google products have a ‘Send Feedback’ feature that allows users to report issues (in Google Docs it is called ‘Help Docs improve’). The dialog includes an option to send a screenshot along with the report, which is enabled by default.

Since the feature is shared across many applications, it is embedded as an iframe element from the main google.com domain.

To enable interactions between the Google Docs window and feedback iframe, screenshots taken from the Google document are stored in feedback.googleusercontent.com and sent across domains.

Also Read: What Legislation Exists in Singapore Regarding Data Protection and Security?

Sreeram’s goal was to find a way to cause the feedback iframe to post the screenshot to an arbitrary domain.

Previous research has shown that misconfigurations in headers can create opportunities to steal information from iframes.

PostMessage misconfiguration

Websites can include an x-frame-options header that, if set, can prevent clickjacking attacks and redirection of post messages to other domains.

Unfortunately for Google, the header was missing from the Google Docs application, so when you embedded it as an iframe in another webpage, you could manipulate the post destination of its inner iframes, namely the feedback dialog.

When a user types in feedback and clicks send, the screenshot of the Google document is sent to the attacker’s arbitrary domain.

“PostMessage misconfiguration has been a hot topic in recent times, so I was actively looking for one on Google products,” Sreeram told The Daily Swig.

The researcher was also inspired by a solution to one of bug bounty platform Intigriti’s cross-site scripting (XSS) challenges.

“I was always amazed by Intigriti’s XSS challenges. I wanted to exploit quirks from those challenges in real-world applications – and it worked,” he said.

Sreeram posted a proof-of-concept video on YouTube:

This kind of bug is not limited to Google web applications.

“I strongly believe many other websites could also be affected by the similar bug, because many people aren’t really aware that the location of iframes can be replaced by a cross-origin domain,” the researcher warned.

Also Read: Letter of Consent MOM: Getting the Details Right

Sreeram is currently ranked 37 on Google VRP’s hall of fame. This catch netted him a $3,100 bug bounty. Google has patched the bug following Sreeram’s report.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us