Title :
Vulnerabilities through Usability Pitfalls in Cloud Services: Security Problems due to Unverified Email Addresses
Author :
Hahn, Tobias ; Kunz, Thomas ; Schneider, Markus ; Vowé, Sven
Author_Institution :
Fraunhofer-Inst. for Secure Inf. Technol. SIT (CASED), Darmstadt, Germany
Abstract :
Cloud storage services become increasingly interesting for users to easily backup or synchronize their data. On top of this basic functionality, these services offer functions for collaboration that allow users to share their files with selected other persons in a user-friendly way. We have identified that several cloud storage services do not verify whether the registrating customer is the real owner of the email address entered during the registration. Cloud providers omit the verification for reasons of usability. Here, user-friendliness goes too far at the cost of security. This vulnerability combined with collaboration functions allows attacks on cloud customers. In this paper, we explain which attacks are possible. Missing email verification and collaboration functions allow espionage and malware distribution attacks. Execution is very easy, i.e., they can be done without coding expertise or special tools.
Keywords :
Web services; cloud computing; invasive software; cloud customers; cloud providers; cloud storage services; collaboration functions; espionage attacks; malware distribution attacks; missing email verification; security problems; unverified email addresses; usability pitfalls; Cascading style sheets; Cloud computing; Electronic mail; Malware; Registers; Synchronization; cloud storage service; impersonation; security;
Conference_Titel :
Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on
Conference_Location :
Liverpool
Print_ISBN :
978-1-4673-2172-3
DOI :
10.1109/TrustCom.2012.297
