Man in the middle attack threatens Google Desktop

By Justin Mann on
A clever hacker has discovered a vulnerability in Google Desktop, exploiting a man-in-the-middle attack that could lead to someone becoming unknowingly compromised. It is a somewhat complicated attack and would require that the attacking person would have access to your local network or some other way of accessing data being transmitted between you and Google's servers:

With knowledge of the Google Desktop security model (a combination of one-time tokens, iFrames and JavaScript), Hansen figured out a way to sit between a target launching a Google search query and manipulate the search results to take control of other programs on the desktop.
Regardless of its difficulty, it brings out a good point in that the more integration between a desktop and a remote server, the higher the chance of something going wrong, especially with unencrypted data. That's not what companies like Google and Microsoft want to hear, who are pushing for web applications and even remote work environments as a next step in desktop and office computing.

Google has their own security team, and doubtless they'll be looking at this problem. While I disagree with the assertion that models like Google Desktop are flawed, there's clearly room for improvement and risking personal security is definitely not something Google wants to get a name for.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.