David Kirkpatrick

August 10, 2008

Google gadgets can open backdoor

Filed under: Business, Technology — Tags: , , , , — David Kirkpatrick @ 4:55 pm

I guess the message here out of Mountain View is “downloader beware …”

From the link:

Software that hackers can trick people into installing on “iGoogle” home pages can track users’ activities and control their machines, SecTheory chief executive Robert Hansen showed AFP on Friday.

“I could force you to download child porn or send subversive material to China,” Hansen said. “The exploitation is almost limitless. Google has to fix it.”

Google lets people customize iGoogle home pages with mini-software programs called “gadgets” such as to-do lists, news feeds, currency converters, and calendars.

Hackers can program malicious code into proffered gadgets or break into systems hosted by engineers providing legitimate mini-programs.

“It turns out a lot of people who develop these things aren’t good at security,” Hansen said, citing research he and Cenzic security analyst Tom Stracener shared at a notorious annual DefCon hacker gathering in Las Vegas.

“We pretty much break into anything we try.”