Security was one of three major benefits flagged up by Google when it first announced) Chrome OS (alongside speed and spimplicity), so it’s not surprising that security researchers have been putting it through its paces.
Now a few months after the first Chromebook was released, a pair of hack happy academics have demonstrated how to crack open Chrome OS security onstage at the Black Hat conference. Read on for details on what on what they showed and what Google had to say about it…
Matt Johanson and Kyle Osborn of the White Hat Security Research Center told the audience at Black Hat that they spent months digging through Chrome OS. That diligence allowed them to discover a flaw in ScratchPad, a Chrome OS extension that lets you save notes to Google Docs. From there they were able to access emails, documents, contacts and Google Voice messages.
The pair informed Google of the vulnerabilities they discovered and the company has already addressed some of them. However, they say that some of the underlying weakenesses they found in Chrome OS security remain. That said, Chrome OS is not alone in facing those issues and other OS makers face similar problems.
Google responded to the presentation with a statement. It says: “The conversation is about the web, not Chrome OS. Chromebooks raise security protections on computing hardware to new levels. They are also better equipped to handle web attacks that can affect browsers on any computing device, thanks in part to carefully designed extensions to Chome OS and the advance security available through Chrome that many users and experts have embraced.”
While Google is bullish about the security measures it has built into Chrome OS, no system can ever be totally safe and relying on the cloud creates as many questions as it answers. We can definitely expect to see more security researchers putting Chrome OS through its paces in the future.
Out now | £free | Google (via VentureBeat)
