Robin Hood Gone Evil: Loophole Leading To Cloud Pickpocketing Identified

Robin Hood Gone Evil: Loophole Leading To Cloud Pickpocketing Identified

Researchers at North Carolina State university and University of Oregon have proposed a jaw-dropping price tag for performing heavy duty cloud computing task – as low as zero dollars. Experiments reveal that cloud-based web browsers can be exploited to hijack the underlying computational power, and that as well, in total anonymity.

The result could be as unforgivable as cloud computing time theft of mammoth proportions. The pickpocketed resources, once fallen into the wrong hands, can be used for just about anything, including brute force password crack attempts, denial of service attacks and other genres of cycle-hungry attacks.

Contrary to relying upon the end-user’s device to perform the number crunching, cloud-based browsers make the most out of cloud resources to process and deliver web pages. This functionality of cloud-based browsers (likes of Opera Mini, Amazon Silk and Puffin) can be imitated by creating customized variants that have the potential to trick servers into performing word counts, string parsing, text search and other tasks for free. The above is accomplished by a neat hack termed as the browser MapReduce, BMR.

BMR spawns from Google’s MapReduce, an alternative mechanism to manage parallel processing of utterly large datasets. In simple words, Browser MapReduce operates by amassing free JavaScript processing cycles, in unison with a punctilious scheduling plan to effectively work around the processing bounds enforced originally by the cloud-browser providers.

The team has proved their point by saving chunks of data on URL-shortening sites, effectually deceiving them and the cloud browser providers into processing about 100MB of data for free. “What we were able to do was chain together a bunch of requests to make a larger computation“, Enck, the primary research investigator, explained.

Things are not all gloomy though. The team also presented ways to fix the cloud exploitation problem, the most effective requiring a check on the number of requests that can be directed towards the core server cluster originating from a single user. A user-authentication mechanism built into the browser should do the trick pretty well. Enck pointed out that “Instead of allowing anyone on the Internet to make requests of their servers, end users should have accounts.”

Such a methodology would allow for the service providers to notice whenever one account is generating requests that are enormously volumetric for a genuine human user. The team is all set to present their research findings at the Annual Computer Security Alliance summit to be held in the first week of December 2012.

The title of the research work, “Abusing Cloud-Based Browsers for Fun and Profit” almost says it all – cloud security measures associated with mobile devices require further fortification.

Loopholes of such sort continue to assist the bad guys in using cloud computing horsepower for not-so-noble purposes. Its about time that cloud-browser service providers take note of such weak links in the mobile cloud computing chain before the tables are turned on them.

By Humayun Shahid

About Humayun

With degrees in Communication Systems Engineering and Signal Processing, Humayun currently works as a lecturer at Pakistan's leading engineering university. The author has an inclination towards incorporating quality user experience design in smartphone and web applications.

View All Articles

Sorry, comments are closed for this post.

Comic
IBM and VMware Expand Partnership to Enable Easy Hybrid Cloud Adoption

IBM and VMware Expand Partnership to Enable Easy Hybrid Cloud Adoption

IBM and VMware Expand Partnership More than 500 new clients, including Marriott International are now running VMware software on IBM Cloud since the strategic cloud partnership was announced;Introduction of VMware Cloud Foundation on IBM Cloud helps move existing apps to the cloud within hours; More than 4,000 IBM service professionals trained to help organizations extend…

Fully Autonomous Cars: How’s It REALLY Going To Work?

Fully Autonomous Cars: How’s It REALLY Going To Work?

Pros and Cons and What the Experts Think Science fiction meets reality, and modern civilization is excitedly looking forward to the ubiquity of self-driving cars. However, an omnipresence of fully autonomous cars won’t happen as quickly as even some hopeful experts anticipate. While the autonomous car pros versus the cons race (See infographic discovered via…

The Lighter Side Of The Cloud – Bottlenecking

The Lighter Side Of The Cloud – Bottlenecking

By David Fletcher Please feel free to share our comics via social media networks such as Twitter, Facebook, LinkedIn, Instagram, Pinterest. Clear attribution (Twitter example: via @cloudtweaks) to our original comic sources is greatly appreciated.

Recent Articles - Posted by
Fintech Systems, Advancements and Investments

Fintech Systems, Advancements and Investments

Fintech Growth According to a recent report, global investment in fintech companies including both venture-backed and non-venture-backed businesses reached $9.4 billion in the second quarter of 2016; investment in venture capital-backed fintech startups, however, fell by 49%. Nevertheless, the Pulse of Fintech, published jointly by KPMG International and CB Insights, suggests venture capital investment in…

Virtual Immersion And The Extension/Expansion Of Virtual Reality

Virtual Immersion And The Extension/Expansion Of Virtual Reality

Virtual Immersion And Virtual Reality This is a term I created (Virtual Immersion). Ah…the sweet smell of Virtual Immersion Success! Virtual Immersion© (VI) an extension/expansion of Virtual Reality to include the senses beyond visual and auditory. Years ago there was a television commercial for a bathing product called Calgon. The tagline of the commercial was Calgon…

Four Keys For Telecoms Competing In A Digital World

Four Keys For Telecoms Competing In A Digital World

Competing in a Digital World Telecoms, otherwise largely known as Communications Service Providers (CSPs), have traditionally made the lion’s share of their revenue from providing pipes and infrastructure. Now CSPs face increased competition, not so much from each other, but with digital service providers (DSPs) like Netflix, Google, Amazon, Facebook, and Apple, all of whom…

Digital Transformation: Not Just For Large Enterprises Anymore

Digital Transformation: Not Just For Large Enterprises Anymore

Digital Transformation Digital transformation is the acceleration of business activities, processes, and operational models to fully embrace the changes and opportunities of digital technologies. The concept is not new; we’ve been talking about it in one way or another for decades: paperless office, BYOD, user experience, consumerization of IT – all of these were stepping…

Moving To The Cloud: A Smart Move Or Proceed With Caution?

Moving To The Cloud: A Smart Move Or Proceed With Caution?

Moving To The Cloud You hear it over and over again: The future of computing is in the cloud. Businesses should be moving to the cloud. If you’re not in the cloud, you’re behind the times. But trusting your essential data to a cloud may sound like a dubious proposition. Below are some of the…

The Cancer Moonshot: Collaboration Is Key

The Cancer Moonshot: Collaboration Is Key

Cancer Moonshot In his final State of the Union address in January 2016, President Obama announced a new American “moonshot” effort: finding a cure for cancer. The term “moonshot” comes from one of America’s greatest achievements, the moon landing. If the scientific community can achieve that kind of feat, then surely it can rally around…

The Monstrous IoT Connected Cloud Market

The Monstrous IoT Connected Cloud Market

What’s Missing in the IoT? While the Internet of Things has become a popular concept among tech crowds, the consumer IoT remains fragmented. Top companies continue to battle to decide who will be the epicenter of the smart home of the future, creating separate ecosystems (like the iOS and Android smartphone market) in their wake.…

Utilizing Digital Marketing Techniques Via The Cloud

Utilizing Digital Marketing Techniques Via The Cloud

Digital Marketing Trends In the past, trends in the exceptionally fast-paced digital marketing arena have been quickly adopted or abandoned, keeping marketers and consumers on their toes. 2016 promises a similarly expeditious temperament, with a few new digital marketing offerings taking center stage. According to Gartner’s recent research into Digital Marketing Hubs, brands plan to…

Using Big Data To Analyze Venture Capitalists’ Ability To Recognize Potential

Using Big Data To Analyze Venture Capitalists’ Ability To Recognize Potential

Big Data To Analyze Using Big Data to Analyze Venture Capitalists’ Ability To Recognize Potential For those who are regularly involved with SMEs, venture capital, and company valuations, it is common knowledge that start-ups that exit for more than $1 billion dollars are extremely rare – often termed ‘unicorn’ companies. Despite their rarity, it should…

Big Data and Financial Services – Security Threat or Massive Opportunity?

Big Data and Financial Services – Security Threat or Massive Opportunity?

Big Data and Financial Services Cloud Banking Insights Series focuses on big data in the financial services industry and whether it is a security threat or actually a massive opportunity. How does big data fit into an overall cloud strategy? Most FI’s have a positive mind-set towards cloud IT consumption as it not only enables…

Cloud Infographic – The Future (IoT)

Cloud Infographic – The Future (IoT)

The Future (IoT) By the year 2020, it is being predicted that 40 to 80 billion connected devices will be in use. The Internet of Things or IoT will transform your business and home in many truly unbelievable ways. The types of products and services that we can expect to see in the next decade…

The Big Data Movement Gets Bigger

The Big Data Movement Gets Bigger

The Big Data Movement In recent years, Big Data and Cloud relations have been growing steadily. And while there have been many questions raised around how best to use the information being gathered, there is no question that there is a real future between the two. The growing importance of Big Data Scientists and the…