Hacking Google ChromeOS

Status
Not open for further replies.
Jack

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Matt Johansen and Kyle Osborn presented their paper at Black Hat this morning titled "Hacking Google ChromeOS".

Google's netbook operating system has been touted as the first platform that has been designed to be malware free from the start. Users are not able to download/install/execute code on a ChromeBook, they are only allowed to download Chrome extensions.

Johansen and Osborn didn't bother to try and prove Google wrong, they simply looked into the implications of having everything "running" as an extension in the browser.

Their research impacts all users of Google Chrome, whether they happen to be using it as an OS or simply as their browser of choice.

They discovered two things... One is that if you are running JavaScript code on the device, your code could be vulnerable to a XSS (cross site scripting) attack.

When a website has a XSS vulnerability, it allows people to attack that specific site, but it does not effect others. What happens when you have a XSS vulnerability in an application in your browser?

Well, considering the API that Chrome provides for extension development, it allows an attacker to exploit any web site operating within that browser (including all other tabs).


Read more
Click to expand...
 
Hungry Man

Hungry Man

New Member
Jul 21, 2011
669
I wonder if we'll start seeing more malicious extensions instead of malware... suddenly malware would start attacking at the browser level and it would have access to all site data and it would be incredibly easy to dodge AV's with Chrome's audoupdate and it would be as simple as clicking "yes" to install.

Still, Chromebooks are very very secure. No operating system is without faults.
 
Jack

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
It's hard to hack a Chromebook......
There are no paid extension for Chromebooks so this OS has a big advantage over Windows ........it doesn't have Warez since everything is free, the users can install any extension without being forced to search for a free and possible malicious similar extension...and Google is giving a "Verified author" tag to all good extensions. There will be a few popular extension that everyone will search and use so the new ones will have a hard time getting noticed...
Also Google has added to each app/ext... a Report abuse/Report an issue button that anyone can use...so I don't think a malicious extension could have a high life time on their Web sore..
Google could easily add other features to secure their Web Store..like a reputation system or a pre-approval stage for the apps/ext.
Cromebook has a small market share so I highly doubt anyone will try to exploit any vulnerabilities or create malicious extension.
 
Hungry Man

Hungry Man

New Member
Jul 21, 2011
669
I agree with pretty much everything you said haha I really don't think we'll be seeing much of this in the future. It's an interesting concept but it seems very very easily mitigated.
 
jamescv7

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Google ChromeOS as built with some security capabilities so if anyone can hack it can be fail.
 
Hungry Man

Hungry Man

New Member
Jul 21, 2011
669
It's not that they're hacking the OS or exploiting some code vulnerability, it's that they're installing a malicious extension.
 
Jack

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
I don't think anyone will manage so easily to find and exploit a vulnerability in this OS...Google has a great team of developers and a good bugs 'bounty' program....eg : Pwn2Own (a computer hacking contest ) ... Safari was hacked in 5 seconds.... .while Chrome stayed untouched......
The weak point is indeed their extension system.....as proven in the past , it can be tricked.... :p
 
Hungry Man

Hungry Man

New Member
Jul 21, 2011
669
Hacking ChromeOS would be very difficult. Chrome itself has only ever been successfully exploited (at least beyond the sandbox) once and the OS is so stripped down and simplified I'm sure it's quite secure as well.
 
Shadow Death

Shadow Death

New Member
May 12, 2011
59
The way I see it, if it can be done, it will be done. If hackers find it a challenge they will hack it. If Google continues to say it's unhackable they will find a way to prove them wrong. That's how the world turns. I think when the Chrome Books start rolling out into the public on a mass production system we will find more and more exploits.
 
Hungry Man

Hungry Man

New Member
Jul 21, 2011
669
It's not really a hack... it's an infection... an infection that will affect all browsers.

If this is anything like android and Google doesn't respond to it we'll see a huge trend though.
 
Status
Not open for further replies.

Similar threads

D
Stable Channel Update for ChromeOS and ChromeOS Flex
Replies
0
Views
130
Chrome & Chromium
Daniel Gagnon
D
Gandalf_The_Grey
    • Like
    • +Reputation
    • Applause
Technology Google: Can't run Windows 11 on your PC? Make it a Chromebook
Replies
3
Views
558
Technology News
Gandalf_The_Grey
Gandalf_The_Grey
CyberTech
    • +Reputation
Security News Veeam warns of critical bugs in Veeam ONE monitoring platform
Replies
0
Views
1,104
Security News
CyberTech
CyberTech

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top