Google Drive Flaw Lets Hackers Easily Install Malware! The new flaw makes you vulnerable to malware and spam attacks if you access shared files on Google Drive.
The flaw, discovered by A. Nikoci shows how Google Drive’s “manage versions” is ripe for being messed around by hackers.
If you’re not aware, “manage versions” on Google Drive let’s one see and access all the older versions of a file that was hosted and shared by Google Drive.
This feature is also used to replace an older version of the file with a new file without breaking its share link.
The problem lies in the fact that Google does not check the file type when you upload a new version. For instance, an image – a JPEG file – can be replaced with an executable file (.exe) with the “manage versions” feature.
Surprisingly, when previewed online Google Drive won’t indicate newly made changes – in that it will show you a preview of the JPEG image – but when downloaded it will download the newer .exe file.
Nikoci said he reported the loophole to Google but the issue was still unpatched as of August 22.
Beware of downloading files from unknown Google Drive folders.