5/16/2023 0 Comments Google hangouts archiveGoogle Hangouts and Google Photos link sharing We recommend sharing sensitive images only to specific users or uploading the files to Google Drive with restricted link sharing as an alternative to avoid accidental exposure. When you use “copy link” and share the link, you relinquish control over who can access your files-anyone who gets their hands on a link can access a file, whether you intended them to or not. Google Photos also allows a user to share the photos to selected people, share via Facebook and Twitter, and copy links as shown in Figure 3. Figure 2: Google Photos default link sharing option The photos and videos shared have the default permission to let anyone with the link to see the photos or albums as shown in Figure 2. Google PhotosĪlongside Google Hangouts, Google Photos also allows users to upload and share photos and videos. Even though the conversation itself is not retained, the images shared while the history is disabled are. Furthermore, this is true even of images uploaded when the “conversation history” is disabled. On top of this, the link remains valid indefinitely, unless the image is deleted from the Google Album Archive. The generated link is accessible to anyone without any authentication. Every image shared in Google Hangouts generates a public link, as shown in Figure 1. In Google Hangouts, users can share images and videos alongside their chat conversations. We will highlight the exposure concerns, detection gaps in Google services, Netskope’s CTEP capability, and a method for data exfiltration. This post is part of a series highlighting data exposure concerns in Google Calendar, Google Groups, Google link sharing, Zendesk, and O365 link sharing. Whereas files uploaded to Google Drive are scanned for malicious content, no such scanning occurs in Photos or Hangouts. We will also look at the threat detection capabilities of Google Photos and Google Hangouts. Did you know that the default link sharing option in Google Photos allows anyone with the link to view the files and all images shared in Google Hangouts that are publicly accessible? In this edition of our leaky app series, we will cover how image link sharing in Google Hangouts and Google Photos can lead to the accidental public exposure of sensitive data.
0 Comments
Leave a Reply. |