About the Google Drive security “hole”

0Nikke Lindqvist • 24th Oct 2012 • Blog, Integrity • Google, security

 I’ve just blogged in Swedish about the security hole in the Mac OS X and Windows desktop clients for Google’s Drive file storage and synchronisation service. The H Security reported an open a backdoor to users’ Google accounts which could allow the curious to access the full Google account of a user, provided that the curious person has actual physical access to a computer that has the desktop client installed.

I find security holes fascinating. And especially security holes that exists only when we, the users, are slacking when it comes to basic security measures.

Now, the so called back door into our Google accounts, exist only when we hand our computers over to another user, without logging out from our main account.

I don’t say that this isn’t a security hole, and I don’t defend Google in this case. It’s clear that they could have handled this much better. Even if Dropbox has it’s security issues, they aren’t saving the website sessions like this. However, since it’s impossible to break in to your Google account this way if you actually don’t give anyone physical access to your account on your computer, there is no back door.

So my advice to Google Drive users is the same as always: Use a password for your computer, password protect it even when unused for a few moments, don’t let others (be it colleagues, spouses or children) access your account, and you’ll be quite safe.

Or, if you really worry. Use a ChromeBook, where everyone can use their own Google account when logging in.

And remember, neither your computer or your Google account is safer than this.