Google Vulnerability: ConfusedFunctions Leads To Data Access
Security researchers at Tenable have disclosed a Google Cloud vulnerability affecting the Cloud Functions service. The flaw, a privilege escalation issue, has been named ConfusedFunctions. This article covers what the flaw is, how an attacker could exploit it, and how Google has responded.
ConfusedFunctions Google Vulnerability Details
Before looking at the vulnerability itself, it helps to know what the service does. Cloud Functions is Google Cloud's serverless execution environment, in which developers write small, single-purpose functions.
These functions run in response to specific Cloud events, and the developer never manages servers or maintains a runtime framework. The problem Tenable identified lies in how a function gets built. When a Cloud Function is created or updated, a Cloud Build instance is created in the background to build and deploy it, and by default that build runs under the project's default Cloud Build service account.
That account carries excessive permissions, and that is what turns the build into an entry point: code that runs during the build executes with the service account's permissions.
The prerequisite for an attacker is therefore the ability to create or update a Cloud Function. That permission lets them trigger a build, and the build is where the loophole is leveraged; understanding this is the starting point for defending against it.
ConfusedFunctions Google Vulnerability Exploit
According to Tenable, an attacker who holds that permission can exploit the flaw to escalate privileges to the default Cloud Build service account. With it, they gain access to services such as Cloud Build, Artifact Registry and Container Registry, Cloud Storage, and more.
Unauthorized access at that level is damaging for the targeted project: it lets the attacker move laterally across services within the project, expand their foothold, and read, modify or delete data held in the project's storage buckets and registries.
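The escalation path described above reduces to two questions about a project's IAM policy: who can trigger a function build, and what the build's service account is allowed to do. The script below answers both from the JSON that `gcloud projects get-iam-policy PROJECT_ID --format=json` prints. It is an added example written for this article, not code from Tenable or Google; the sample policy, the project number 123456789012 and every principal in it are constructed, and the two role lists are this example's own judgement of which predefined roles grant function deployment and which are too broad for a build account, not an exhaustive list.

```python
"""Audit a GCP project IAM policy for the ConfusedFunctions escalation path:
a principal that can deploy a Cloud Function (and so trigger a Cloud Build run)
plus a legacy Cloud Build service account with broad roles."""
import json
from typing import Dict, List, Set

# Predefined roles that include cloudfunctions.functions.create / .update.
# Basic roles are listed because they contain every permission. (Example's
# own selection, not a complete list of roles carrying these permissions.)
FUNCTION_DEPLOY_ROLES = {
    "roles/owner",
    "roles/editor",
    "roles/cloudfunctions.admin",
    "roles/cloudfunctions.developer",
}

# Roles that are excessive for a build account. roles/cloudbuild.builds.builder
# is the legacy default grant and already reaches Storage and the registries.
BROAD_BUILD_ROLES = {
    "roles/owner",
    "roles/editor",
    "roles/cloudbuild.builds.builder",
    "roles/storage.admin",
    "roles/artifactregistry.admin",
}


def legacy_cloud_build_sa(project_number: str) -> str:
    """IAM member string of the project's legacy default Cloud Build service account."""
    return f"serviceAccount:{project_number}@cloudbuild.gserviceaccount.com"


def load_policy(text: str) -> dict:
    """Parse `gcloud projects get-iam-policy --format=json` output."""
    return json.loads(text)


def member_roles(policy: dict, member: str) -> Set[str]:
    """Every role bound to one member anywhere in the project policy."""
    return {b["role"] for b in policy.get("bindings", [])
            if member in b.get("members", [])}


def function_deployers(policy: dict) -> Dict[str, List[str]]:
    """Members that can deploy Cloud Functions, mapped to the roles granting it.
    Conditional bindings are tagged so a reviewer inspects the condition by hand."""
    found: Dict[str, List[str]] = {}
    for b in policy.get("bindings", []):
        if b["role"] not in FUNCTION_DEPLOY_ROLES:
            continue
        tag = b["role"] + (" (conditional)" if b.get("condition") else "")
        for m in b.get("members", []):
            found.setdefault(m, []).append(tag)
    return {m: sorted(tags) for m, tags in found.items()}


def audit(policy: dict, project_number: str) -> dict:
    """Report the escalation path: someone other than the build account can
    trigger a build, and the build account holds roles broader than a build needs."""
    sa = legacy_cloud_build_sa(project_number)
    deployers = function_deployers(policy)
    deployers.pop(sa, None)  # the build account redeploying itself is not the path
    build_roles = member_roles(policy, sa)
    broad = sorted(build_roles & BROAD_BUILD_ROLES)
    return {
        "build_service_account": sa,
        "deployers": deployers,
        "build_sa_roles": sorted(build_roles),
        "broad_build_roles": broad,
        "escalation_path": bool(deployers) and bool(broad),
    }


def report(findings: dict) -> List[str]:
    """Human-readable summary of audit() output, one line per item."""
    lines = [f"Cloud Build service account: {findings['build_service_account']}",
             f"  roles: {', '.join(findings['build_sa_roles']) or '(none)'}",
             f"  broad roles: {', '.join(findings['broad_build_roles']) or '(none)'}",
             "Principals able to create/update Cloud Functions:"]
    for member, roles in sorted(findings["deployers"].items()):
        lines.append(f"  {member}: {', '.join(roles)}")
    verdict = "PRESENT" if findings["escalation_path"] else "not present"
    lines.append(f"ConfusedFunctions escalation path: {verdict}")
    return lines


# Constructed sample in the shape gcloud prints; the project number
# 123456789012 and all principals are invented for this example.
SAMPLE_POLICY_JSON = """
{
  "bindings": [
    {"role": "roles/owner",
     "members": ["user:admin@example.com"]},
    {"role": "roles/cloudfunctions.developer",
     "members": ["user:dev@example.com",
                 "serviceAccount:ci-deployer@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/cloudbuild.builds.builder",
     "members": ["serviceAccount:123456789012@cloudbuild.gserviceaccount.com"]},
    {"role": "roles/storage.admin",
     "members": ["serviceAccount:123456789012@cloudbuild.gserviceaccount.com"]},
    {"role": "roles/viewer",
     "members": ["user:auditor@example.com"],
     "condition": {"title": "temporary",
                   "expression": "request.time < timestamp('2025-01-01T00:00:00Z')"}}
  ],
  "etag": "BwXyZ=",
  "version": 3
}
"""

if __name__ == "__main__":
    print("\n".join(report(audit(load_policy(SAMPLE_POLICY_JSON), "123456789012"))))
```

To run it against a real project, save the output of `gcloud projects get-iam-policy PROJECT_ID --format=json` and pass it to `load_policy`, with the project number from `gcloud projects describe PROJECT_ID --format='value(projectNumber)'`. Two caveats: the project-level policy does not show roles inherited from folder or organization bindings, nor expand custom roles, so a clean result here is not proof that the path is absent; and the fix is not to strip the build account of everything, which breaks deployments, but to have builds run as a dedicated service account holding only what the build needs (check your gcloud version's `gcloud functions deploy --help` for the `--build-service-account` flag) and to keep the list of function deployers short.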
Google’s Response To The Flaw
After the disclosure, Google changed the default behaviour so that Cloud Build runs under the Compute Engine default service account instead of the legacy Cloud Build service account. This limits what a hijacked build can do and so reduces the exposure.
However, the change is not retroactive: Cloud Build instances created before the fix keep their old service account and remain exposed. Liv Matan, a researcher at Tenable, described the fix as follows:
“While the GCP fix has reduced the severity of the problem for future deployments, it didn’t completely eliminate it. That’s because the deployment of a Cloud Function still triggers the creation of the aforementioned GCP services. As a result, users must still assign minimum but still relatively broad permissions to the Cloud Build service account as part of a function’s deployment.”
Conclusion
The ConfusedFunctions vulnerability highlights how much cloud security depends on the permissions granted to background service accounts. Google has mitigated the issue for future deployments, but existing instances remain vulnerable. Organizations using Google Cloud Platform should review who can create or update Cloud Functions and what the Cloud Build service account is allowed to do, and reduce both to the minimum their deployments need.
Given how far a successful exploit reaches, vigilance and proactive permission hygiene are what keep sensitive data out of an attacker's hands and preserve the integrity of cloud-based operations.
Sources for this piece include articles in The Hacker News and Candid Technology.