How Are Google Images Being Used To Spread Malware?

Even the most ardent cynic has to admit that Google has changed the way that the world works in a lot of different ways. Even if you just look at how the world’s knowledge is gathered and distributed, you can see that Google has made a huge difference. But even as Google has made a lot of strides in the knowledge-gathering arena, it has not done everything perfectly. There are certain aspects of Google’s operations that need some work, just like any other Internet-based company.

Where they need work

While Google employs a top-notch security team for its web services, there have been a couple of breaches throughout the years. Some of the breaches have been large while other breaches have not been that big of a deal. But anytime a company like Google, which holds so much of your information, is breached, that is something you have to worry about. Right now it seems as if they have a security issue that is happening in the Google Images section of the web site.

What is Google Images?

While it might seem obvious to a lot of people, believe it or not, there are quite a lot of people who use Google every day who have never heard of Google Images. As a matter of fact, to a lot of these people the only things that Google does are search and email. So for the people who are not familiar with Google Images, I will explain it here.

Google Images is a function of Google that is just like search. But instead of going around the web looking for text information, the bots of Google go around the web looking for pictures. Of course, if you use the web a lot then you know that there are a lot of images around for Google to index. It might be a simple GIF image or a picture of a Hollywood celebrity; whatever it is, Google will try to put it into their image search index.

So what is the security vulnerability?

It turns out that some black hat hacker out on the internet found out how to redirect the images that Google indexes to another web page. They are able to do this through the image preview that Google uses when you search through the images. The Google image preview allows you to see the picture more clearly before you go to the page where the image was originally placed on a distant server. This way you already know the size of the image and whether you want it or not before you go to the page.

But the redirection of the site is only the tip of the iceberg. These black hat hackers have found out how to trick Google’s search engine into automatically indexing their pictures. They have code that searches through Google’s top trending index and then grabs photos for that trend. Google’s trend search allows you to see what people are searching for the most that day. So after they grab the image, they follow that up with fake text and then they create a web page based on that data. Google then searches the web, sees this fake text and an image that supposedly goes along with the content, and then indexes it. So now when someone goes to Google Images and searches that keyword, they are instead taken to another web site where their computer is infected.

What can you do about it?

As you can see from the description, this is a dangerous attack and it can place a piece of software on your computer that is really bad for it. The creators of this exploit really knew what they were doing and it is easy to fall into this trap. This is true even if you are careful. But now that the attack is known, you should be less likely to encounter it. Google has changed the code that displays these images and most good antivirus programs have found a way to counteract it as well. You still should be very careful if you decide to use Google Images. The person who created this exploit knows that they have stumbled onto something good and they are most likely not going to want to give it up. They will adjust their attacks accordingly.

With this attack you can see that even a security-conscious company like Google can succumb to a clever attack. When it comes to security, it doesn’t matter how big you are; all that matters is how smart the attacker is. So be careful when you use any web service, even if it is being run by a company like Google. You never know what dangers are out there.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

