26 de abril de 2012

Google Drive May Give Access To Full Google Account

Google Drive is Google’s cloud storage service that has been making the rounds on the Internet ever since it launched a few days ago. It basically gives every Google user who signs up for the service 5 Gigabytes of free online storage that can be used to synchronize local files with the cloud, and access the files on the web as well.
Google Drive for PC or Mac are programs that Google Drive users can install on their systems to sync files on the operating system with the cloud.
The application runs in the background and synchronizes all files and folders that are moved or copied into the Google Drive root folder on the system, or on other systems connected to the Drive account.
Drive users may notice that some files hosted on Google Drive have a Google specific file extension. These have been created by Google Docs, Google’s document management and editing service. A click on one of those files opens the select file in the default browser. They are basically just shortcuts pointing to Google Drive, which you see when you look at the size of the documents (which is 1KB on my system).
google drive shortcuts
What many Google Drive users do not know: It also logs the user into the connected Google user account. The issue here? The login gives access to all other Google services as well.
One could say that this is not a big issue, or even an intended useful feature as it makes the process more comfortable. Others might feel that this is a security related issue, as everyone with access to the local system can access all Google services of the account, including Google Mail, Webmaster Tools, Google Docs or YouTube without further authentication.
It is definitely something to consider, especially when laptops or mobile computers are used. If you are losing your laptop, or if it gets stolen, the thief could gain access to the full Google account this way if Google Drive is installed and running on the system.
You may now wonder how other services are handling this? Microsoft SkyDrive displays a login prompt the first time the go to skydrive.com option is selected in a session. Dropbox opens the file listing right away, but it is less of a issue here as there are no other services users can switch to. And the files are also available directly on the system. (via Caschy)
The solution? Either do not run Google Drive automatically on your system, or do not use it at all if you think that this is a security issue.

☛ El artículo completo original de Martin Brinkmann lo puedes ver aquí
Publicado a las 8:33 p.m.
Labels: ,

No hay comentarios.:

Publicar un comentario

Suscribirse a: Comentarios de la entrada (Atom)