Robin Hood Gone Evil: Loophole Leading To Cloud Pickpocketing Identified

Robin Hood Gone Evil: Loophole Leading To Cloud Pickpocketing Identified

Researchers at North Carolina State university and University of Oregon have proposed a jaw-dropping price tag for performing heavy duty cloud computing task – as low as zero dollars. Experiments reveal that cloud-based web browsers can be exploited to hijack the underlying computational power, and that as well, in total anonymity.

The result could be as unforgivable as cloud computing time theft of mammoth proportions. The pickpocketed resources, once fallen into the wrong hands, can be used for just about anything, including brute force password crack attempts, denial of service attacks and other genres of cycle-hungry attacks.

Contrary to relying upon the end-user’s device to perform the number crunching, cloud-based browsers make the most out of cloud resources to process and deliver web pages. This functionality of cloud-based browsers (likes of Opera Mini, Amazon Silk and Puffin) can be imitated by creating customized variants that have the potential to trick servers into performing word counts, string parsing, text search and other tasks for free. The above is accomplished by a neat hack termed as the browser MapReduce, BMR.

BMR spawns from Google’s MapReduce, an alternative mechanism to manage parallel processing of utterly large datasets. In simple words, Browser MapReduce operates by amassing free JavaScript processing cycles, in unison with a punctilious scheduling plan to effectively work around the processing bounds enforced originally by the cloud-browser providers.

The team has proved their point by saving chunks of data on URL-shortening sites, effectually deceiving them and the cloud browser providers into processing about 100MB of data for free. “What we were able to do was chain together a bunch of requests to make a larger computation“, Enck, the primary research investigator, explained.

Things are not all gloomy though. The team also presented ways to fix the cloud exploitation problem, the most effective requiring a check on the number of requests that can be directed towards the core server cluster originating from a single user. A user-authentication mechanism built into the browser should do the trick pretty well. Enck pointed out that “Instead of allowing anyone on the Internet to make requests of their servers, end users should have accounts.”

Such a methodology would allow for the service providers to notice whenever one account is generating requests that are enormously volumetric for a genuine human user. The team is all set to present their research findings at the Annual Computer Security Alliance summit to be held in the first week of December 2012.

The title of the research work, “Abusing Cloud-Based Browsers for Fun and Profit” almost says it all – cloud security measures associated with mobile devices require further fortification.

Loopholes of such sort continue to assist the bad guys in using cloud computing horsepower for not-so-noble purposes. Its about time that cloud-browser service providers take note of such weak links in the mobile cloud computing chain before the tables are turned on them.

By Humayun Shahid

About Humayun

With degrees in Communication Systems Engineering and Signal Processing, Humayun currently works as a lecturer at Pakistan's leading engineering university. The author has an inclination towards incorporating quality user experience design in smartphone and web applications.

View All Articles

Sorry, comments are closed for this post.

On-Premise VoIP vs The Cloud

On-Premise VoIP vs The Cloud

Modern Day Phone Systems The jargon in the business phone system industry is enough to make even the most tech-savvy entrepreneur’s head spin. However, if we cut through all the strange wording and focus on the features that make each system unique, we can develop enough of an understanding to make a well-informed decision for…

Cloud-Enabled Managed Hosting: 5 Things A Cloud Provider Should Offer

Cloud-Enabled Managed Hosting: 5 Things A Cloud Provider Should Offer

Cloud-Enabled Managed Hosting The IT industry moves at light speed fueled by constant change and advancement. No area of IT has been affected more by this change than the hosting and managed service space. Advancement in the cloud and its delivery models of IaaS and SaaS have caused a monumental shift in the way IT…

What The FITARA Scorecard Tells Us About Government Cyber Security Preparedness

What The FITARA Scorecard Tells Us About Government Cyber Security Preparedness

Government Cyber Security Preparedness Last year’s massive data breach of Office of Personnel Management, as well as other recent cyber security incidents affecting federal agencies, underscored the urgency of bringing the federal government’s security infrastructure up to date. Although many agencies have made strides toward hardening their cyber security, outdated IT infrastructure and architecture is…

The Cloud on Your Terms – What to look for in an EFSS Provider

The Cloud on Your Terms – What to look for in an EFSS Provider

The Cloud on Your Terms Your company has a mandate to go to the cloud and now it’s time to decide which services to use to help your business grow. You might be wearing several hats or you might be a dedicated IT professional and the responsibility has now been handed to you. So what…

World Backup Day: Understand The Data You Are Protecting

World Backup Day: Understand The Data You Are Protecting

World Backup Day: Understand The Data You Are Protecting Did you know that 113 phones are lost or stolen every minute? What about the fact that 1 in 10 computers are infected with a virus every month? Thanks to World Backup Day, an independent initiative that was started in 2011, awareness is being raised about…

How Successful Businesses Ensure Quality Team Communication

How Successful Businesses Ensure Quality Team Communication

Quality Team Communication  (Sponsored post courtesy of Hubgets) Successful team communication and collaboration are as vital to project and overall business success as the quality of products and services an organization develops. We rely on a host of business tools to ensure appropriate customer interactions, sound product manufacturing, and smooth back-end operations. However, the interpersonal relationships…

Featured Sponsored Articles
How To Develop A Business Continuity Plan Using Internet Performance Management

How To Develop A Business Continuity Plan Using Internet Performance Management

Internet Performance Management Planning CDN Performance Series Provided By Dyn In our previous post, we laid out the problems of business continuity and Internet Performance Management in today’s online environment.  In this article, we will take a look at some of the ways you can use traffic steering capabilities to execute business continuity planning and…

Featured Sponsored Articles
Optimizing Digital Marketing Through Accessibility & Aesthetics

Optimizing Digital Marketing Through Accessibility & Aesthetics

Optimizing Digital Marketing In The Cloud Marketers are constantly looking for better ways to tantalize and engage customers, and there’s no space more competitive than the digital universe. Deliberating over pleasing layouts, effective calls to action, site responsiveness, and much more, digital marketers have more than enough to keep themselves busy without understanding the intricacies…

Featured Sponsored Articles

CloudTweaks is recognized as one of the leading influencers in cloud computing, infosec, big data and the internet of things (IoT) information. Our goal is to continue to build our growing information portal by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

Sponsor