Israeli cybersecurity startup Astrix Security discovered a zero-day flaw in Google Cloud Platform (GCP) in June 2022, which the search giant patched earlier this month. The researchers at Astrix have now released more details of the flaw, known as "GhostToken."
- According to a report by Astrix, the vulnerability could have allowed threat actors to make a malicious application invisible and unremovable, potentially exposing a victim's personal data forever.
- "GhostToken" enabled attackers to hide their malicious application from a victim's Google account application management page, the only location where Google users can view their applications and revoke their access.
- The researchers at Astrix highlight that, with the application hidden from view, it could have been impossible for victims to know that their account was at risk in the first place. Even if they did find out, the only viable solution would have been to create a new Google account.
- Hackers could have exploited the "GhostToken" vulnerability to access a victim's Gmail and personal files on Google Drive and Google Photos, view planned events on their Google Calendar, track their location via Google Maps, steal sensitive data, and more, depending on the permission settings.
- Google fixed the issue globally on April 7, 2023, in coordination with Astrix Security.