While Google is touting that its cloud-based services are more secure than any other computer method, security experts are saying that’s rubbish.
Matt Johansen, a researcher with WhiteHat Security, found a flaw in a Chrome OS note-taking application and used it to take control of a Google email account. He reported it to Google, which fixed the problem and gave him a $1000 reward for pointing it out, but Johanson said that this is just the tip of the iceberg.
He claims that there will be a whole new field of malware developed to mine web-centric software.
According to the Sydney Morning Herald, he said that the secret to hacking Chrome OS is to capture data as it travels between the Chrome browser and the cloud. Until now hackers have targeted data that sits on a machine’s hard drive.
He said that if hackers can get at your online banking or your Facebook profile, or your email as it is being loaded in the browser, they could not care less what’s on the hard drive.
Johansen found the same bug that he had told Google about on several other applications and they will be telling the world about them at the Black Hat conference.
Mostly they are “extensions”, which users download from the Google Chrome Web Store and run inside browsers
Chrome OS extensions are written by independent software developers. The Google Chrome OS gives extensions sweeping rights to access data stored on the cloud.
He said that Chrome trusted extensions more than it would be trusting just another website.
It means that Google has to clamp down on extensions and test them before clearing them for the Chrome Web Store.