Google Cloud Document AI has some worrying security flaws

Flaw could have allowed hackers to steal data from cloud storage

Document AI, a Google Cloud service for file processing, had a worrying security flaw which allowed threat actors to steal sensitive data from people’s cloud storage accounts, and possibly even smuggle malware inside, experts have warned.

A report from cybersecurity researchers Vectra AI, who found and reported the flaw to Google in early April 2024, noted how Google Cloud Document AI is a suite of machine learning tools that automates the extraction, analysis, and understanding of documents. It processes unstructured data like invoices, forms, or contracts by converting them into structured, usable information. The service is designed to improve document workflows, enhancing speed and accuracy in data extraction.

Users can process documents stored in Google Cloud via so-called batch processing, which automates document analysis for large volumes of documents simultaneously. During this process, the service uses a “service agent”, a Google-managed service that acts as the identity in the process. However, instead of using the caller’s set of permissions for the job, batch processing uses the service agent’s permissions, which are too broad.

Batch processing woes

As a result, the caller (which could be a malicious individual) can access any Google Cloud Storage bucket within the same project and, through it, all of the data found there. The researchers demonstrated a Proof of Concept to Google, showing how the vulnerability could be abused to exfiltrate a .PDF file, modify it, and then return it to the same place.
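The gap between what a caller holds directly and what a batch job can reach on their behalf can be modelled for a single project. The following is an added example for defenders, not code from Vectra AI, Google or this article; every principal, bucket and grant in it is constructed sample data, and the project-wide read/write scope of the service agent is an assumption taken from the description above.

```python
# Constructed model of one project's access state (all sample data).
# principal -> bucket -> storage permissions held directly
DIRECT = {
    "analyst@example.com": {"invoices-in": {"storage.objects.get"}},
    "admin@example.com": {
        "invoices-in": {"storage.objects.get", "storage.objects.create"},
        "hr-records": {"storage.objects.get", "storage.objects.create"},
    },
}
# Principals allowed to start batch processing jobs (constructed).
CAN_LAUNCH = {"analyst@example.com", "admin@example.com"}
# Assumption: the service agent can read and write every bucket in the project.
BUCKETS = ["invoices-in", "hr-records", "payroll-exports"]
AGENT = {b: {"storage.objects.get", "storage.objects.create"} for b in BUCKETS}


def effective_access(principal, use_agent_identity):
    """Return bucket -> permissions the principal can actually exercise.

    use_agent_identity=True models the reported behaviour (the job runs with
    the service agent's permissions); False models a job that is evaluated
    against the caller's own permissions.
    """
    access = {b: set(p) for b, p in DIRECT.get(principal, {}).items()}
    if use_agent_identity and principal in CAN_LAUNCH:
        for bucket, perms in AGENT.items():
            access.setdefault(bucket, set()).update(perms)
    return access


def escalation_report():
    """List (principal, bucket, permission) reachable only through batch jobs."""
    findings = []
    for principal in sorted(CAN_LAUNCH):
        direct = effective_access(principal, use_agent_identity=False)
        via_job = effective_access(principal, use_agent_identity=True)
        for bucket in sorted(via_job):
            for perm in sorted(via_job[bucket] - direct.get(bucket, set())):
                findings.append((principal, bucket, perm))
    return findings


if __name__ == "__main__":
    for principal, bucket, perm in escalation_report():
        print(f"{principal} gains {perm} on {bucket} via batch processing")
```

Each finding is access that a review of the caller's own grants would miss, which is why the set of principals who can launch batch jobs belongs in the audit.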

Soon after learning about the issue, Google apparently released a patch, and changed the status of the problem to ‘fixed’. However, the researchers said the fix wasn’t sufficient, and pressured the company further. Finally, in early September 2024, Google confirmed applying a downgrade that sorted it out, “because the attacker needs to have an access to an impacted victim’s project.”

Via The Register

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
