Bill Roth, Ulitzer Editor-at-Large

Bill Roth

Subscribe to Bill Roth: eMailAlertsEmail Alerts
Get Bill Roth via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Blog Feed Post

Black Hat Reports on Hacking Google Chrome OS

We spent this past week at Black Hat, rubbing elbows with a mix of security firms, industry experts, and notorious hackers. Though the conference covered the expected topics around mobile privacy, encryption and the latest hacking arts, perhaps, the most interesting discussion was around hacking Google Chrome OS.  For those that missed the presentation by Matt Johansen and Kyle Osborn of WhiteHat Security, here is a recap.

Google Chrome OS extensions function like web applications. Unlike Apple, which tests applications sold in the AppStore, Google does not review extensions made for Chrome OS, so some unsecure apps do get by. These can take the form of apps that unintentionally add unnecessary permissions or they can be malicious apps created to lure unsuspecting Chrome OS users into sharing personal information. Through both methods, hackers gain access to all sorts of personal information including passwords, contacts, email content, GPS locations and more. Because this information is stored in the cloud, it’s not so much the Chrome OS itself that is vulnerable as much as it is the system’s reliance on the cloud. Nonetheless, this news leaves Chrome OS users (and the many Chromebook buyers who were promised a more secure OS than competitors) worried.

There are solutions though. We announced a few weeks ago that we partnered with VMware to make our log management solution available in a virtualized environment, meaning that organizations can collect, store and analyze the activity going on in a cloud environment like Chrome OS. In the case of a breach, this would not only flag unauthorized activity but also identify where the unauthorized activity came from and what was accessed, saving time and money in unraveling the breach and assessing its severity. If this doesn’t offer Chrome OS users reassurance, there’s always the alternative—don’t download Chrome OS extensions until Google improves security—but what fun is that?

Categories: Security

Read the original blog entry...

More Stories By Bill Roth

Bill Roth is a Silicon Valley veteran with over 20 years in the industry. He has played numerous product marketing, product management and engineering roles at companies like BEA, Sun, Morgan Stanley, and EBay Enterprise. He was recently named one of the World's 30 Most Influential Cloud Bloggers.