Cloud-Based Browsers Can Be Abused with Twist on a Google Technique
A twist on a technique developed by Google could let cyber-criminals hack cloud-based mobile browsers and crack passwords anonymously, according to security researchers from North Carolina State University and the University of Oregon.
Researchers used the “MapReduce” technique developed by Google, typically used for distributed computing on clusters of machines, to perform large-scale tasks that had nothing to do with browsing. For ethical considerations, security experts limited their computation functions to 100-megabyte data packets.
“It could have been much larger, but we did not want to be an undue burden on any of the free services we were using,” said Dr. William Enck, an assistant professor of computer science at NC State and co-author of the paper. “We’ve shown that this can be done. And one of the broader ramifications of this is that it could be done anonymously. For instance, a third party could easily abuse these systems, taking the free computational power and using it to crack passwords.”
Cloud browsers create a Web interface in the cloud so computing is done there rather than on a user’s machine. The process is particularly useful for mobile devices, which have limited computing power. Cloud-computing also allows shared resources on multiple computers.
The paper titled “Abusing Cloud-Based Browsers for Fun and Profit” will be presented on Dec. 6 at the Annual Computer Security Applications Conference in Orlando.