Robin Hood Gone Evil: Loophole Leading To Cloud Pickpocketing Identified

Robin Hood Gone Evil: Loophole Leading To Cloud Pickpocketing Identified

Researchers at North Carolina State university and University of Oregon have proposed a jaw-dropping price tag for performing heavy duty cloud computing task – as low as zero dollars. Experiments reveal that cloud-based web browsers can be exploited to hijack the underlying computational power, and that as well, in total anonymity.

The result could be as unforgivable as cloud computing time theft of mammoth proportions. The pickpocketed resources, once fallen into the wrong hands, can be used for just about anything, including brute force password crack attempts, denial of service attacks and other genres of cycle-hungry attacks.

Contrary to relying upon the end-user’s device to perform the number crunching, cloud-based browsers make the most out of cloud resources to process and deliver web pages. This functionality of cloud-based browsers (likes of Opera Mini, Amazon Silk and Puffin) can be imitated by creating customized variants that have the potential to trick servers into performing word counts, string parsing, text search and other tasks for free. The above is accomplished by a neat hack termed as the browser MapReduce, BMR.

BMR spawns from Google’s MapReduce, an alternative mechanism to manage parallel processing of utterly large datasets. In simple words, Browser MapReduce operates by amassing free JavaScript processing cycles, in unison with a punctilious scheduling plan to effectively work around the processing bounds enforced originally by the cloud-browser providers.

The team has proved their point by saving chunks of data on URL-shortening sites, effectually deceiving them and the cloud browser providers into processing about 100MB of data for free. “What we were able to do was chain together a bunch of requests to make a larger computation“, Enck, the primary research investigator, explained.

Things are not all gloomy though. The team also presented ways to fix the cloud exploitation problem, the most effective requiring a check on the number of requests that can be directed towards the core server cluster originating from a single user. A user-authentication mechanism built into the browser should do the trick pretty well. Enck pointed out that “Instead of allowing anyone on the Internet to make requests of their servers, end users should have accounts.”

Such a methodology would allow for the service providers to notice whenever one account is generating requests that are enormously volumetric for a genuine human user. The team is all set to present their research findings at the Annual Computer Security Alliance summit to be held in the first week of December 2012.

The title of the research work, “Abusing Cloud-Based Browsers for Fun and Profit” almost says it all – cloud security measures associated with mobile devices require further fortification.

Loopholes of such sort continue to assist the bad guys in using cloud computing horsepower for not-so-noble purposes. Its about time that cloud-browser service providers take note of such weak links in the mobile cloud computing chain before the tables are turned on them.

By Humayun Shahid

About Humayun

With degrees in Communication Systems Engineering and Signal Processing, Humayun currently works as a lecturer at Pakistan's leading engineering university. The author has an inclination towards incorporating quality user experience design in smartphone and web applications.

View All Articles

Sorry, comments are closed for this post.

Comic
Tesla Solar Plan Would Cost Billions To Implement

Tesla Solar Plan Would Cost Billions To Implement

A 1,500-word manifesto that Elon Musk unveiled last week, outlining his plan to expand Tesla Motors Inc.’s electric-vehicle line and to build “stunning solar roofs,” may end up costing the company tens of billions of dollars to carry out. Musk, Tesla’s chairman and chief executive officer, gave the estimate on Tuesday after a tour of the…

Healthcare IoT Security To Grow To $47 Billion In 2021

Healthcare IoT Security To Grow To $47 Billion In 2021

Healthcare IoT Security It’s obvious that IoT can make the entire healthcare industry more efficient. The kind of data involved can be used to save time, physical energy and operating costs. Because of this, devices that facilitate medical data are becoming more commonplace in the industry. This includes things such as wearables that can track…

Zoho Announces Industry’s First Multichannel CRM Service

Zoho Announces Industry’s First Multichannel CRM Service

Zoho News According to Gartner, the Customer Relationship Management (CRM) software market grew by 12.3% from $23.4 billion in 2014 to $26.3 billion in 2015. Suggests Julian Poulter, research director at Gartner, “The merger and acquisition activity that began flowing through the market in 2009 continued in 2015, with more than 30 notable acquisitions. This…

How The Cloud Is Changing Online Education

How The Cloud Is Changing Online Education

Online Education Growth There’s no doubt that the internet has changed the face of education over the last two decades. In fact, by some estimates more than 80 percent of college students expect to take at least some — if not all of their courses — online. Thousands of people have earned degrees without ever…

Investing In The Future With The Introduction of Sage Cloud

Investing In The Future With The Introduction of Sage Cloud

CHICAGO, IL–(Marketwired – Jul 26, 2016) – Sage, a market leader in cloud accounting software, announced today at Sage Summit 2016 its strong commitment to future technologies, with a focus on new and existing partnerships that power business growth. Revealed during CEO Stephen Kelly’s keynote address, which opened the world’s largest gathering of entrepreneurs and…

Why Security Practitioners Need To Apply The 80-20 Rules To Data Security

Why Security Practitioners Need To Apply The 80-20 Rules To Data Security

The 80-20 Rule For Security Practitioners  Everyday we learn about yet another egregious data security breach, exposure of customer data or misuse of data. It begs the question why in this 21st century, as a security industry we cannot seem to secure our most valuable data assets when technology has surpassed our expectations in other regards.…

The Security Gap: What Is Your Core Strength?

The Security Gap: What Is Your Core Strength?

The Security Gap You’re out of your mind if you think blocking access to file sharing services is filling a security gap. You’re out of your mind if you think making people jump through hoops like Citrix and VPNs to get at content is secure. You’re out of your mind if you think putting your…

Protecting Devices From Data Breach: Identity of Things (IDoT)

Protecting Devices From Data Breach: Identity of Things (IDoT)

How to Identify and Authenticate in the Expanding IoT Ecosystem It is a necessity to protect IoT devices and their associated data. As the IoT ecosystem continues to expand, the need to create an identity to newly-connected things is becoming increasingly crucial. These ‘things’ can include anything from basic sensors and gateways to industrial controls…

Digital Transformation: Not Just For Large Enterprises Anymore

Digital Transformation: Not Just For Large Enterprises Anymore

Digital Transformation Digital transformation is the acceleration of business activities, processes, and operational models to fully embrace the changes and opportunities of digital technologies. The concept is not new; we’ve been talking about it in one way or another for decades: paperless office, BYOD, user experience, consumerization of IT – all of these were stepping…

Achieving Network Security In The IoT

Achieving Network Security In The IoT

Security In The IoT The network security market is experiencing a pressing and transformative change, especially around access control and orchestration. Although it has been mature for decades, the network security market had to transform rapidly with the advent of the BYOD trend and emergence of the cloud, which swept enterprises a few years ago.…

Cloud Computing Services Perfect For Your Startup

Cloud Computing Services Perfect For Your Startup

Cloud Computing Services Chances are if you’re working for a startup or smaller company, you don’t have a robust IT department. You’d be lucky to even have a couple IT specialists. It’s not that smaller companies are ignoring the value and importance of IT, but with limited resources, they can’t afford to focus on anything…

Infographic: IoT Programming Essential Job Skills

Infographic: IoT Programming Essential Job Skills

Learning To Code As many readers may or may not know we cover a fair number of topics surrounding new technologies such as Big data, Cloud computing , IoT and one of the most critical areas at the moment – Information Security. The trends continue to dictate that there is a huge shortage of unfilled…

Cloud Infographic – Interesting Big Data Facts

Cloud Infographic – Interesting Big Data Facts

Big Data Facts You Didn’t Know The term Big Data has been buzzing around tech circles for a few years now. Forrester has defined big data as “Technologies and techniques that make capturing value from data at an extreme scale economical.” The key word here is economical. If the costs of extracting, processing, and making use…

Cloud Infographic – Cloud Public, Private & Hybrid Differences

Cloud Infographic – Cloud Public, Private & Hybrid Differences

Cloud Public, Private & Hybrid Differences Many people have heard of cloud computing. There is however a tremendous number of people who still cannot differentiate between Public, Private & Hybrid cloud offerings.  Here is an excellent infographic provided by the group at iWeb which goes into greater detail on this subject. Infographic source: iWeb

Moving Your Enterprise Apps To The Cloud Is A Business Decision

Moving Your Enterprise Apps To The Cloud Is A Business Decision

Moving Your Enterprise Apps Whether it be enterprise apps or any other, if there is any heavy data that is going to be transacted in and through an app, then affiliating it with the Cloud becomes a must. And then an important question arises: How do you decide when to integrate your enterprise app with…

Cost of the Cloud: Is It Really Worth It?

Cost of the Cloud: Is It Really Worth It?

Cost of the Cloud Cloud computing is more than just another storage tier. Imagine if you’re able to scale up 10x just to handle seasonal volumes or rely on a true disaster-recovery solution without upfront capital. Although the pay-as-you-go pricing model of cloud computing makes it a noticeable expense, it’s the only solution for many…