Google Drive is an online storage service which allows you to store upto 15 GB for free, you can upload any type of file in your Drive, like you do the same in Dropbox, BUT last week, a vulnerability exposed by Google itself about a loop hole in its Google Drive service that could allow an attacker to access your personal, confidential files without your permission.
Good thing is—Now the vulnerability has been patched by Google, but those who have links of any previously uploaded files on Google Drive can still watch it without your permission. [See how to fix this]
What was the Flaw?
The Flaw was simple, like a pinging service, if any on your document uploaded on Google Drive that include an external website link, then the document is vulnerable, because upon clicking that link a ping sent to the third party website owner to tell From where a user came from, and the link given over there to the website owner allows him/her to access that document without any of the user information.
It is a serious flaw, and will affect every professional user of Google Drive, as sometimes it is necessary to embedded links in the document.
Google received a report from an anonymous user through its Vulnerability Reward Program about the vulnerability, Google also explains conditions on its blog, about—The issue is only relevant if all of the following apply:
- The file was uploaded to Google Drive
- The file was not converted to Docs, Sheets, or Slides (i.e. remained in its original format such as .pdf, .docx, etc.)
- The owner changed sharing settings so that the document was available to “Anyone with the link”
- The file contained hyperlinks to third-party HTTPS websites in its content
on 27 June 2014, the same day when Google announced about this vulnerability, updated the Google Drive and assured users that newly shared documents with hyperlinks to third-party HTTPS websites will not inadvertently relay the original document’s URL.
I think my Google Drive Files affected:
If any of the conditions above matches with your document shared on Google Drive, so its time to deploy some security steps against your previously uploaded documents:
- Create a copy of the document, via File > “Make a copy…”
- Share the copy of the document with particular people or via a new shareable link, via the “Share” button
- Delete the original document
