A twist on a technique developed by Google could let cyber-criminals hack cloud-based mobile browsers and crack passwords anonymously, according to security researchers from North Carolina State University and the University of Oregon.
Researchers used the â€œMapReduceâ€ technique developed by Google, typically used for distributed computing on clusters of machines, to perform large-scale tasks that had nothing to do with browsing. For ethical considerations, security experts limited their computation functions to 100-megabyte data packets.
â€œIt could have been much larger, but we did not want to be an undue burden on any of the free services we were using,â€ said Dr. William Enck, an assistant professor of computer science at NC State and co-author of the paper. â€œWeâ€™ve shown that this can be done. And one of the broader ramifications of this is that it could be done anonymously. For instance, a third party could easily abuse these systems, taking the free computational power and using it to crack passwords.â€
Cloud browsers create a Web interface in the cloud so computing is done there rather than on a userâ€™s machine. The process is particularly useful for mobile devices, which have limited computing power. Cloud-computing also allows shared resources on multiple computers.
The paper titled â€œAbusing Cloud-Based Browsers for Fun and Profitâ€ will be presented on Dec. 6 at the Annual Computer Security Applications Conference in Orlando.