Researchers have found a new way to hack into your cloud syncing accounts without any username or password by deploying a new “man in the cloud attack”. These attacks use “password tokens” and are harder to detect and control.
You must have read about the man-in-the-middle attacks that steal your data transiting between the two end points. Today, we are going to tell you about a new man in the cloud attack that allows the attacker to access your files in the cloud without passwords.
At the Black Hat security conference in Las Vegas, cyber security firm Imperia has published a new research that exploits a vulnerability in the design of cloud syncing services like Google, Box, OneDrive, and Dropbox.
This man in the cloud attack works by stealing the password token, a tiny file that is found in user’s devices. The password token saves the user from typing their password again and again. After obtaining this token using methods like phishing attack or a drive-by exploit, hackers can use it to access your account by fooling another new device. This man in the cloud attack could be used to steal/alter your files, and add ransom ware or malware.
Also read: Sound Wave Hacking: Computers and Printers Hacked to Send Data as Sound Waves
Amichai Shulman, CTO of Imperia, said that this type of man in the cloud attack can also affect businesses that are dependent on cloud-based services. He added that their research has revealed how easy it is for cybercriminals to hack cloud syncing accounts, and how difficult it’s to recover and detect such unauthorized authentications. He said, “Recovery of the account from this type of compromise is not always feasible.”
Describing the man in the cloud attack, Shulman defended the cloud service providers and refrained himself from calling it a design flaw. He said that these services are secure, providing seamless file transfer, but it’s s trade-off between security and usability.
Even though many services offer 2-factor authentication, there isn’t any simple fix for the man in the cloud attack. These 2-factor notifications are delivered when an access is detected from a new computer or a new location, but people choose to ignore them. To themselves protect from these attacks, Imperva said that companies must invest more in monitoring and protecting data resources in the cloud.
See our coverage on Black Hat Conference 2015 here.
Did you find this story helpful? Tell us in the comments below.