Posted in Shoddy Security

Google’s “Chromebooks” have gaping security holes, researcher says

Surprise, surprise:

Google may see its Chrome operating system as more secure than traditional alternatives, but one security researcher believes the cloud-based OS is vulnerable, according to a Reuters story published yesterday.

WhiteHat Security researcher Matt Johansen said he found a flaw in a Chrome OS application that he was able to exploit to gain control of a Google e-mail account. Though Google fixed the flaw after it was reported, Johansen claims to have discovered other applications with the same flaw, Reuters said.

In citing the security holes in Chrome OS, Johansen specifically pointed to the ability of hackers who can steal data as it moves between the cloud and the Chrome OS browser instead of hacking directly into a user’s PC.

“I can get at your online banking or your Facebook profile or your e-mail as it is being loaded in the browser,” he told Reuters. “If I can exploit some kind of Web application to access that data, then I couldn’t care less what is on the hard drive.”

Google’s “Chromebooks” are basically nothing more than glorified computer security terminals providing access to Google’s opaque datacenters with sod-all security. People concerned about their privacy and security would do well to stay far, far away from Google’s offerings.

Google, of course, reacted very defensively when asked for comment about this. They’d like people to believe their products are secure. But reality has proved otherwise. Security seems to be an afterthought as far as Google is concerned. That’s because Google’s business isn’t security, it’s data-mining.