When Microsoft OneDrive turns into ransomware


Camille Coirault

August 12, 2023 at 6:30 p.m.


Microsoft OneDrive is affected by a major vulnerability. The platform potentially exposes its users to ransomware-type attacks, which is rather worrying given the security promises it puts forward.

These are the conclusions of recent research conducted by a security expert. He managed to demonstrate that Microsoft’s cloud services platform could turn into a real spy that allows hackers to recover sensitive data by bypassing its detection mechanisms.

A flaw that turns OneDrive into a double agent

The security expert in question, Or Yair, put himself in the shoes of a hacker and managed to thwart OneDrive’s defenses quite easily. First step: compromise a user account. Once this was done, Yair gained access to “session tokens” (security elements that authenticate a user and grant access to their cloud storage), extracted them from the user’s account and used them to launch his attack. This manipulation allowed him to create junctions to other folders outside of OneDrive, which gave him access to files stored locally on other computers. Once this access was established, it was possible to encrypt, delete or modify these files.

OneDrive naturally includes an essential protection against this type of manipulation: “shadow” copies of files, which act as backups in the event of a ransomware attack of this kind. However, Yair managed to circumvent this defense mechanism by targeting the OneDrive application developed for Android. The app has a major weakness: its API allows the removal of “shadow” copies that Yair had already encrypted. The result: victims could not recover their files, since these had been encrypted.
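For defenders, one way to look for the junctions described above is to list every junction or symbolic link inside the local OneDrive folder whose target resolves outside it. This PowerShell function is an added example, not code from Yair’s research or from Microsoft; the name `Find-OutboundLink` is hypothetical, and it assumes the sync root is exposed in `$env:OneDrive` and that the links of interest sit inside that folder.

```powershell
# Added example: report junctions/symlinks under a sync folder that point outside it.
function Find-OutboundLink {
    param(
        # Assumption: the local sync root is available in the OneDrive environment variable.
        [string]$Root = $env:OneDrive
    )
    if (-not $Root) { throw 'No sync root given and $env:OneDrive is not set.' }

    $rootFull = [IO.Path]::GetFullPath($Root).TrimEnd('\') + '\'
    $pending  = [System.Collections.Generic.Stack[string]]::new()
    $pending.Push($rootFull)

    while ($pending.Count -gt 0) {
        $dir = $pending.Pop()
        foreach ($item in Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue) {
            if ($item.LinkType -in 'Junction', 'SymbolicLink') {
                # Target is a string or a string array depending on the PowerShell version.
                $raw = @($item.Target)[0]
                $resolved = $null
                if ($raw) {
                    # Symbolic links may be relative; resolve against the link's parent folder.
                    $parent   = Split-Path -Parent $item.FullName
                    $resolved = [IO.Path]::GetFullPath([IO.Path]::Combine($parent, $raw))
                }
                $inside = $resolved -and
                    ($resolved.TrimEnd('\') + '\').StartsWith($rootFull, [StringComparison]::OrdinalIgnoreCase)
                if (-not $inside) {
                    # Outbound or unresolvable link: surface it for review.
                    [pscustomobject]@{
                        Link    = $item.FullName
                        Type    = $item.LinkType
                        Target  = $resolved
                        Created = $item.CreationTime
                    }
                }
                # Never descend into a link: its contents live elsewhere.
            }
            elseif ($item.PSIsContainer) {
                $pending.Push($item.FullName)
            }
        }
    }
}

# Newest links first, since a recently created outbound junction deserves the first look.
Find-OutboundLink | Sort-Object Created -Descending | Format-Table -AutoSize
```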


Design errors at the source of this problem

Yair’s conclusions are as follows: these weaknesses are due to Microsoft and to errors in the design of OneDrive’s protections. But not only that: the service providers who collaborate with Microsoft in the development of the cloud service would also be at fault.

Microsoft should now be able to address this vulnerability. Logically, detection software should be able to spot such malicious activity when it affects session tokens. However, the detection solutions offered by Microsoft’s various suppliers failed to identify this flaw. SentinelOne, one of the software products used in the OneDrive environment, did detect the attack, but did not go so far as to prevent the deletion of “shadow” copies of files. The reason: the local OneDrive executable was located in a permissions list that it definitely shouldn’t have access to.

Attacks of this type are becoming more sophisticated and frequent, and companies urgently need to get up to speed. This vulnerability discovered by Yair could possibly have been avoided if Microsoft and its various security software vendors had worked together more closely.


Microsoft OneDrive

  • Native integration in Windows and Office
  • Sharing, collaboration and productivity
  • Web interface

OneDrive is one of the best solutions for PC users. Its web interface is also one of the most complete and user-friendly on the market, whether for managing documents and multimedia content or for file sharing and real-time collaboration. While it holds its own on other platforms with its remarkable Mac, Android and iOS clients, it is not as seamless to use as Dropbox. Microsoft has greatly improved its synchronization technologies, but it still lacks file compression for transfers as well as synchronization over the local network.

OneDrive’s main problems are the same as those of most cloud giants based in the United States. Without end-to-end (zero-knowledge) encryption, the publisher and any authorities who request it can access the data stored in user accounts. OneDrive nevertheless has many positive points, and its plans for individuals, which include the Office suite, remain among the most attractive on the market.


Source: The Register


