Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Mobile browser vulnerability lets hackers steal cloud computing time

Cloud browsing uses outside computing power to process web pages and deliver them to end users

Article comments

A novel technique based on MapReduce could let hackers hijack computing resources used by cloud-based mobile browsers and use them anonymously, according to security researchers from North Carolina State University and the University of Oregon.

Cloud browsing uses outside computing power to process web pages and deliver them to end users, instead of doing the heavy lifting on the end-user's own device. The researchers say that the technique is particularly useful for mobile browsing, which would otherwise have to rely on a mobile device's less-powerful hardware. Opera Mini and Android Silk are the best-known browsers to use the technique, though there are others available.

However, the clouds used to do the heavy lifting can be tricked into doing a number of other things, according to the researchers, who have written a paper on the subject. They call the technique browser MapReduce or BMR.

The team tested its idea by storing pieces of data on URL shortening sites, effectively tricking both those sites and the cloud browser providers into performing computations for them. NCSU assistant professor William Enck, a co-author of the paper, said in a statement that the team limited the amount of data processed in this way to 100MB.

"It could have been much larger, but we did not want to be an undue burden on any of the free services we were using," he said.

Used maliciously, Enck added, the technique could provide hackers with vast, temporary and completely anonymous computing horsepower, allowing them to crack passwords or perform other nefarious tasks at great speed.

Depending on the scale of the attack, users may not notice anything is going on, he said.

"It depends on how well-provisioned the cloud browser platform is, as well as how large of a job the attacker is executing. Cloud browsers operators who are monitoring resource use will definitely notice a spike in service use. However, reacting to BMR jobs requires the operator to build additional defenses into their framework," Enck said.



Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *