TechNewsWorld.com

Security Specialist Spots Source Spoof Vulnerability in Google Toolbar


Security researcher Aviv Raff has spotted a security hole in Google's Toolbar browser utility. The trick lies in spoofing the URL shown in the dialog box that pops up when an unsuspecting user adds a new toolbar button. The URL may indicate that the button comes from a trusted source, but the data may actually come from an attacker, and the button may do something far from what was advertised.



Security researcher Aviv Raff has published details of a vulnerability affecting Google's (Nasdaq: GOOG) Toolbar browser feature. The weak spot Raff reported could let an attacker gain control of a user's PC when the user tries to add a new Google Toolbar button.

The vulnerability is based on spoofing a trusted site that would normally provide a safe toolbar button, tricking the user into installing a malicious button that could then be used, for example, for phishing attacks targeting banking information.

Raff published the details on his Web site and notified Google, which is working on a fix.

Spoofing the Source

Google Toolbar provides an API (application programming interface) for creating toolbar buttons, Raff reported, and the button information is stored in an XML (extensible markup language) file. In order to add a button, the user would have to click on a link that refers to the button's XML file.

The problem lies in the resulting dialog box that pops up, which supposedly shows the user where the button is being downloaded from, some information about the button, and privacy considerations. An attacker, however, can point the link at an open redirector on a trusted site: the dialog displays the trusted site's URL, while the redirector sends the actual request for the button's XML file to the attacker's server. The dialog can thus claim that a button is being downloaded from Google.com when in fact it comes from the attacker.
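The following is an added example, not code from the article or from Raff's proof of concept, that models the behaviour described above. It uses hypothetical hosts (www.google.com standing in for the trusted site, attacker.example for the attacker) and a constructed in-memory stand-in for the web, so it runs offline. It contrasts a dialog that displays the host named in the clicked link with one that follows the redirect chain first and displays the host the XML was actually served from, and it flags a chain that leaves the host the user was shown.

```python
from urllib.parse import parse_qs, quote, urljoin, urlsplit

# Hypothetical hosts for this example (not taken from the advisory).
TRUSTED_HOST = "www.google.com"
ATTACKER_HOST = "attacker.example"

REDIRECT_STATUSES = {301, 302, 303, 307, 308}


def simulated_fetch(url):
    """Constructed stand-in for an HTTP client: returns (status, headers, body)
    for the handful of URLs this example knows about, without any network I/O."""
    parts = urlsplit(url)
    if parts.netloc == TRUSTED_HOST and parts.path == "/url":
        # An open redirector on the trusted host: forwards the client to
        # whatever the q= query parameter names, with no allow-list.
        target = parse_qs(parts.query).get("q", [""])[0]
        if target:
            return 302, {"Location": target}, b""
        return 400, {}, b"missing q parameter"
    if parts.netloc == TRUSTED_HOST and parts.path == "/buttons/news.xml":
        return 200, {}, b"<custombuttons><button><title>News</title></button></custombuttons>"
    if parts.netloc == ATTACKER_HOST:
        return 200, {}, b"<custombuttons><button><title>Bank login</title></button></custombuttons>"
    return 404, {}, b"not found"


def resolve_final_url(url, fetch=simulated_fetch, max_hops=5):
    """Follow HTTP redirects from url and return (final_url, chain, body).

    chain lists every URL visited, starting with the one the user clicked,
    so a caller can see whether the request ever left the host it started on.
    """
    chain = []
    for _ in range(max_hops):
        chain.append(url)
        status, headers, body = fetch(url)
        if status in REDIRECT_STATUSES and "Location" in headers:
            url = urljoin(url, headers["Location"])  # Location may be relative
            if url in chain:
                raise ValueError("redirect loop")
            continue
        if status != 200:
            raise ValueError(f"fetch failed with status {status}")
        return url, chain, body
    raise ValueError("too many redirects")


def naive_dialog_host(link_url):
    """Vulnerable behaviour: show the host named in the link the user clicked,
    before any request has been made. An open redirector defeats this."""
    return urlsplit(link_url).netloc


def hardened_dialog_host(link_url, fetch=simulated_fetch):
    """Hardened behaviour: fetch the button file first, following redirects,
    and show the host the XML was actually served from."""
    final_url, _chain, _body = resolve_final_url(link_url, fetch)
    return urlsplit(final_url).netloc


def should_warn(link_url, fetch=simulated_fetch):
    """True when the redirect chain ends on a different host from the one the
    link named, i.e. when the link's host cannot vouch for the button."""
    final_url, _chain, _body = resolve_final_url(link_url, fetch)
    return urlsplit(link_url).netloc != urlsplit(final_url).netloc


if __name__ == "__main__":
    honest = f"http://{TRUSTED_HOST}/buttons/news.xml"
    spoofed = f"http://{TRUSTED_HOST}/url?q=" + quote(f"http://{ATTACKER_HOST}/evil.xml", safe="")
    for link in (honest, spoofed):
        print(link)
        print("  naive dialog shows:   ", naive_dialog_host(link))
        print("  hardened dialog shows:", hardened_dialog_host(link))
        print("  warn user:            ", should_warn(link))
```

For the spoofed link the naive dialog reports www.google.com while the hardened one reports attacker.example, which is exactly the discrepancy the attack relies on. Fetching before displaying is the cheap fix; a stricter client would additionally refuse to install any button whose chain crosses hosts unless the user explicitly confirms the final origin.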

Finding the Vulnerability

"I actually didn't use this toolbar for a long long time, way before there was a possibility to add new buttons, and I was curious about the new beta version," Raff told TechNewsWorld. "I downloaded it and looked into this nice feature, which was new to me."

There are a couple of steps an attacker would have to go through to make this vulnerability pan out, such as getting a user to start downloading a button in the first place. That link would likely have to come from a site or e-mail the user believed was safe.

"It is a good, effective way for attackers to gain their victim's trust, but ... there are other easier ways for attackers to gain access to their victim's PCs," Raff noted.

Still, Google has a massive programming staff that basically lives for creating Web-based applications that should be rock-solid and secure. Is this a surprising hole?

"I wasn't surprised," Raff said. "Even Google can have bugs. My recommendation for the end user is to avoid adding new buttons until Google provides a fixed version of the toolbar."

Raff also published a proof-of-concept example. The affected versions are Google Toolbar 5 beta for Internet Explorer, Google Toolbar 4 for Internet Explorer, and Google Toolbar 4 for Firefox. The Firefox version only allows for a partial URL spoof, however.


More by Chris Maxcer

Sorry, You Just Can't Pin Down Apple Consumers
February 09, 2010
A recent study seems to suggest that Apple's big iPad reveal was a big disappointment and that the majority of consumers have no interest in the thing. But Apple has a knack for changing peoples' minds and shifting them into "buy" mode. For some consumers, anyway, it's a lot easier to say "no" now, when the product isn't even available, than it will be in a few months when iPads are actually on shelves.
Taking the Good With the Bad in the New iPad
February 02, 2010
When Apple dives head-first into a new category, it usually likes to do so on its own terms, and the iPad launch was no exception. It looks like it has Apple's signature design and build quality, its OS is familiar to millions, and the asking price is a pleasant surprise. On the other hand, there also appear to be some unfortunate omissions in the iPad's design.
Apple's Tablet Is Coming - Get Ready for Disappointment
January 26, 2010
The media have been huffing Apple tablet fumes for months, so get ready for a big hangover when Steve Jobs takes the stage Wednesday and announces the truth about what the company has been working on. When nothing's really known, anything is possible, and the idea of the tablet can be all things to all people. When the big reveal comes, some rumors and hopes will inevitably be shot down.
Don't miss a story -- sign up for our FREE e-mail newsletters and view the latest headlines at a glance.
Tech News Flash [ View Sample ]
E-Commerce Minute [ View Sample ]
ECT News Network Weekly Newsletter [ View Sample ]
Shortcuts
ECT News Network Information
Reader Services
Corporate
ECT News Network