Robin Hood Gone Evil: Loophole Leading To Cloud Pickpocketing Identified

Robin Hood Gone Evil: Loophole Leading To Cloud Pickpocketing Identified

Researchers at North Carolina State university and University of Oregon have proposed a jaw-dropping price tag for performing heavy duty cloud computing task – as low as zero dollars. Experiments reveal that cloud-based web browsers can be exploited to hijack the underlying computational power, and that as well, in total anonymity.

The result could be as unforgivable as cloud computing time theft of mammoth proportions. The pickpocketed resources, once fallen into the wrong hands, can be used for just about anything, including brute force password crack attempts, denial of service attacks and other genres of cycle-hungry attacks.

Contrary to relying upon the end-user’s device to perform the number crunching, cloud-based browsers make the most out of cloud resources to process and deliver web pages. This functionality of cloud-based browsers (likes of Opera Mini, Amazon Silk and Puffin) can be imitated by creating customized variants that have the potential to trick servers into performing word counts, string parsing, text search and other tasks for free. The above is accomplished by a neat hack termed as the browser MapReduce, BMR.

BMR spawns from Google’s MapReduce, an alternative mechanism to manage parallel processing of utterly large datasets. In simple words, Browser MapReduce operates by amassing free JavaScript processing cycles, in unison with a punctilious scheduling plan to effectively work around the processing bounds enforced originally by the cloud-browser providers.

The team has proved their point by saving chunks of data on URL-shortening sites, effectually deceiving them and the cloud browser providers into processing about 100MB of data for free. “What we were able to do was chain together a bunch of requests to make a larger computation“, Enck, the primary research investigator, explained.

Things are not all gloomy though. The team also presented ways to fix the cloud exploitation problem, the most effective requiring a check on the number of requests that can be directed towards the core server cluster originating from a single user. A user-authentication mechanism built into the browser should do the trick pretty well. Enck pointed out that “Instead of allowing anyone on the Internet to make requests of their servers, end users should have accounts.”

Such a methodology would allow for the service providers to notice whenever one account is generating requests that are enormously volumetric for a genuine human user. The team is all set to present their research findings at the Annual Computer Security Alliance summit to be held in the first week of December 2012.

The title of the research work, “Abusing Cloud-Based Browsers for Fun and Profit” almost says it all – cloud security measures associated with mobile devices require further fortification.

Loopholes of such sort continue to assist the bad guys in using cloud computing horsepower for not-so-noble purposes. Its about time that cloud-browser service providers take note of such weak links in the mobile cloud computing chain before the tables are turned on them.

By Humayun Shahid

Humayun

With degrees in Communication Systems Engineering and Signal Processing, Humayun currently works as a lecturer at Pakistan's leading engineering university. The author has an inclination towards incorporating quality user experience design in smartphone and web applications.

Sorry, comments are closed for this post.


CloudTweaks Sponsors - Find out more!


Popular

Top Viral Impact

Big Data Analytics Adoption

Big Data Analytics Adoption

Big Data Analytics Adoption Big Data is an emerging phenomenon. Nowadays, many organizations have adopted information technology (IT) and information systems (IS) in business to handle huge amounts of data and gain better insights into their business. Many scholars believe that Business Intelligence (BI), solutions with Analytics capabilities, offer benefits to companies to achieve competitive

Technology Advice Report: 2014 Business Intelligence Buying Trends

Technology Advice Report: 2014 Business Intelligence Buying Trends

Technology Advice Report: 2014 Business Intelligence Buying Trends For nearly every business, the concept of business intelligence is nothing new. Ambitious organizations have been searching for any type of data-driven advantage for some time now – perhaps for as long as they’ve existed. However, the historical use of competitive intelligence pales in comparison to the

Cloud Infographic – The Power Of Cloud Disaster Recovery

Cloud Infographic – The Power Of Cloud Disaster Recovery

Cloud Infographic – The Power Of Cloud Disaster Recovery Preventing a Cloud Disaster is one thing. Recovering from a disaster is a whole other area of concern. Today’s infographic provided by CloudVelox outlines some best practices and safeguards in order to help your business make more informed decisions. About Latest Posts HumayunWith degrees in Communication

Are Cloud Servers The Right Choice For Your Business?

Are Cloud Servers The Right Choice For Your Business?

Cloud servers offer power, flexibility, reliability, and client friendly hosting for small and medium businesses that have outgrown shared hosting. New business hosting clients are bombarded with an incredible diversity of different choices for their site’s hosting. It can be a challenge to negotiate the range of platforms and the marketing hype that many hosting

Cloud Infographic: The Education Of Tomorrow

Cloud Infographic: The Education Of Tomorrow

Cloud Infographic: The Education Of Tomorrow  Online Education is a very exciting topic for many as it opens up many new doors and opportunities. We’ve touched on areas such as Massive Open Online Sources (MOOC) which provides tremendous levels of cloud based interconnectivity. We’ve taken a look into higher education,  the increased demand for online courses as well as


Established in 2009, CloudTweaks is recognized as one of the leading influencers in cloud computing, big data and internet of things (IoT) information. Our goal is to continue to build our growing information portal, by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

You can help continue to support our community by social sharing, sponsoring, partnering or contributing to this great educational resource.

Contact

CloudTweaks Media
Phone: 1 (212) 763-0021
contact@cloudtweaks.com

Join our newsletter