Security experts found a major bug in Google Cloud
The Google Cloud Platform has SADA to thank for averting a potential disaster
Security experts SADA claimed to have found a severe vulnerability in the Google Cloud Platform which has since been patched by the tech giant.
Known as Asset Key Theft, the vulnerability would have potentially allowed threat actors to steal the private keys of Google Cloud Service Accounts. In a statement, SADA said it believed the flaw "would have given attackers a persistent and reliable method for abusing a Google Cloud environment."
SADA notified Google of the issue in its cloud hosting business via its Bug Hunters bounty program, where researchers can alert the tech giant to flaws they find in its products in a safe and secure manner.
API flaw
SADA believed that the issue was critical "due to the permission’s commonality with third-party cloud security tools, such as Cloud Security Posture Management (CSPM) tools, to gather cloud inventory data from the API."
The flaw was found in the Google Cloud Platform API known as the Cloud Asset Inventory API. It affected all Google Cloud users who had enabled this API and who had cloudasset.assets.searchAllResources permissions on the applicable Google Cloud environment were exposed to this vulnerability.
Once SADA reported this to Google, it reproduced the error itself to confirm its existence, before patching the vulnerability. SADA warns, however, that customers still may have been impacted by it, and the threat may have persisted after the patch.
“Supporting our customers as they transform their organizations in the cloud means constant vigilance when it comes to security,” says SADA CTO Miles Ward. “No public cloud is immune from vulnerabilities, and we all must act fast, collaborate openly, and communicate transparently when we spot a vulnerability."
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
"We commend Google Cloud for how quickly and thoroughly they responded when we brought this bug to their attention. We’re proud of the work SADA’s engineers put into ensuring that our customers’ data remains safe."
- Here are the best cloud storage providers right now
Lewis Maddison is a Staff Writer at TechRadar Pro. His area of expertise is online security and protection, which includes tools and software such as password managers.
His coverage also focuses on the usage habits of technology in both personal and professional settings - particularly its relation to social and cultural issues - and revels in uncovering stories that might not otherwise see the light of day.
He has a BA in Philosophy from the University of London, with a year spent studying abroad in the sunny climes of Malta.
Most Popular
By Darren Allan
By David Nield
By Tom Power
By Darren Allan