Cloud-Based Browsers Can Be Abused with Twist on a Google Technique

A twist on a technique developed by Google could let cyber-criminals hack cloud-based mobile browsers and crack passwords anonymously, according to security researchers from North Carolina State University and the University of Oregon.

Researchers used the “MapReduce” technique developed by Google, typically used for distributed computing on clusters of machines, to perform large-scale tasks that had nothing to do with browsing. For ethical considerations, security experts limited their computation functions to 100-megabyte data packets.

“It could have been much larger, but we did not want to be an undue burden on any of the free services we were using,” said Dr. William Enck, an assistant professor of computer science at NC State and co-author of the paper. “We`ve shown that this can be done. And one of the broader ramifications of this is that it could be done anonymously. For instance, a third party could easily abuse these systems, taking the free computational power and using it to crack passwords.”

Cloud browsers create a Web interface in the cloud so computing is done there rather than on a user`s machine. The process is particularly useful for mobile devices, which have limited computing power. Cloud-computing also allows shared resources on multiple computers.

The paper titled “Abusing Cloud-Based Browsers for Fun and Profit” will be presented on Dec. 6 at the Annual Computer Security Applications Conference in Orlando.