Headline FeedsSecurity researcher Aviv Raff has published a vulnerability affecting Google's (Nasdaq: GOOG) Toolbar browser feature. The weak spot Raff reported could let a hacker gain control of a user's PC when the user tries to add a new Google Toolbar button.
Security Specialist Spots Source Spoof Vulnerability in Google Toolbar
Security researcher Aviv Raff has spotted a security hole in Google's Toolbar browser utility. The trick lies in a hacker spoofing a URL in a dialog box that pops up once an unsuspecting user wishes to download a new toolbar button. The URL may indicate the download comes from a trusted source, but the actual source of the data may be a hacker, and the application may be far from what was advertised.
eMarketer Whitepaper: Optimizing the E-Commerce Experience
From the Web to the Contact Center, are you prepared to proactively engage and keep your savvy customers? Read how e-commerce leaders are optimizing their sites with ratings, reviews, live help, Web analytics, mobile and more.
The vulnerability is based on spoofing a trusted site that would normally provide a safe toolbar button -- basically tricking the user into downloading malicious files that could then be used, for example, to conduct nefarious activities like phishing attacks that could target banking information.
Raff published the details on his Web site and notified Google, which is working on a fix.
Spoofing the Source
Google Toolbar provides an API (application programming interface) for creating toolbar buttons, Raff reported, and the button information is stored in an XML (extensible markup language) file. In order to add a button, the user would have to click on a link that refers to the button's XML file.
The problem lies in the resulting dialog box that pops up, which supposedly shows the user where the button is being downloaded from, some information about the button, and privacy considerations. A hacker, however, can use an open redirector-based link to spoof the URL shown in the dialog box, making it seem, for example, that a button would be downloaded from Google.com, when in fact it would come from the hacker.
Finding the Vulnerability
"I actually didn't use this toolbar for a long long time, way before there was a possibility to add new buttons, and I was curious about the new beta version," Raff told TechNewsWorld. "I downloaded it and looked into this nice feature, which was new to me."
There's a couple of levels of work a hacker would have to go through to make this vulnerability pan out, such as getting a user to start downloading a button in the first place. That would likely have to come from a site or e-mail 
the user believed was safe.
"It is a good, effective way for attackers to gain their victim's trust, but ... there are other easier ways for attackers to gain access to their victim's PC's," Raff noted.
Still, Google has a massive programming staff that basically lives for creating Web-based applications that should be rock-solid and secure. Is this a surprising hole?
"I wasn't surprised," Raff said. "Even Google can have bugs. My recommendation for the end user is to avoid adding new buttons until Google provides a fixed version of the toolbar."
Raff also published a proof-of-concept example. The affected versions are Google Toolbar 5 beta for Internet Explorer, Google Toolbar 4 for Internet Explorer, and Google Toolbar 4 for Firefox. The Firefox version only allows for a partial URL spoof, however.
Print Version
E-Mail Article
Reprints
More by Chris Maxcer
Talkback: Next Article in Exploits & Vulnerabilities
|
Apple's '07 Patch Tally Nearly Twice Last Year's December 18, 2007 
Apple released its ninth set of security patches in 2007 Monday, bringing the total number of vulnerabilities it's fixed this year to about 200 -- nearly twice the number it patched last year. ABI Research analyst Zippy Aima praised the computer maker for its response time but questioned the apparent lack of urgency Apple expresses to users who need to update their systems.
|
Related Stories
|
The Changing Face of IT December 19, 2007 
As new regulation comes out, we in IT find ourselves in the position of having more and more requirements to find technical solutions to. We find ourselves facing off against internal and external auditors on a regular basis. To do our jobs well, very often we need to understand the regulations we're subject to almost as much as the auditors do themselves.
|
MS Security Update Creates Painful IE Problem December 18, 2007 
"This certainly creates a painful problem, since the update is going out to millions of people," said Rob Enderle, president and principal analyst with the Enderle Group. "Unfortunately, there's no easy way around it," Enderle added. "As we've found in the past, attackers will use the patch details to create an attack. Meanwhile, those who don't install the patch are instantly vulnerable."
|
Related News Alerts
More by Chris Maxcer
|
The Gphone That Could Catch My Eye November 20, 2009 
Rumors are cropping up that Google is preparing to sell its own Gphone -- an Android handset using Google-branded hardware. There are some reasons to doubt it will happen, of course, but the possibility is intriguing. What would Google have to build to make something worthy of an iPhone fan's attention?
|
Apple's House Rules Won't Be the Death of App Development November 13, 2009 
Facebook's iPhone app is one of the most popular wares the App Store has ever carried. But its developer, Joe Hewitt, says he's through with it, stating that Apple's review policies are starting a bad precedent for other platforms. However, good apps from talented developers will always find platforms, and Apple's policies won't prevent that from happening. They may even help.
|
Let's Give the iPhone Hackers a Big Round of Applause November 06, 2009
It's safe to say most Apple customers are satisfied living in the walled-off ecosystem that the company has created for products like the iPhone. Still, it's good to know that it is possible -- and relatively easy, even -- to bust through those walls if one should ever want to. The work of iPhone hackers is appreciated even by those who've never felt the jailbreak itch.
|
