Cloud services easily abused for absent verification

Cloud services easily abused for absent verification

Free cloud services can easily be abused because many of them lack more secure verification processes. Bishop Fox researchers Rob Ragan and Oscar Salazar demonstrated that services like Dropbox and Google Apps can be used as botnets.

The researchers signed up for hundreds of cloud services by automating the email verification process. After registering their mail accounts, they had control over hundreds of virtual machines that could be used as a botnet for massive port scanning and crypto currency mining.

The researchers wanted to demonstrate what would happen if criminals use free cloud services for illegal activities. Salazar and Ragan presented their findings in their presentation ‘Cloud Ninja: Catch Me If You Can’ during the RSA Conference in San Francisco.

They could abuse two-thirds of the 150 cloud services available. Amazon has secured its cloud service by implementing strong authentication through SMS. The researchers advise the other cloud services to follow Amazon’s example.

More on SMS



Enjoyed this article? Please share the news!

About the author

Erik Eggens is an allround journalist, editor, content creator and copywriter and takes a keen interest in mobile, finance and politics.

Connect with Erik on

LinkedIn, Twitter.