Cloud Security Loopholes – easily found with Google Code Search

cloud security risksIf you think cloud security issues is for those cloud skeptics and paranoids, think again. Researchers at security consulting firm Stach & Liu, a developer of Google hacking tools, has revealed the results of their cloud services research last month. The researchers offer one word of advice: Don’t even think to store critical information on the public cloud (for now…)

According to, The Stach & Liu research team claimed that using a simple Google code search, access codes and secret keys of thousands of public cloud services can be easily found.

Access codes and secret keys are supposedly, well, secret – so if they can be found on a code search engine accessible to everyone, such as Google’s then there are high risks of cloud security breach – and your company’s critical information can get stolen easier than you think.

What secret keys can do?

The secret codes and keys found on Google code search can be used for many purposes, such as: Take control of computers in the cloud, shut them down, or… to inject malicious codes and launch attacks on other computers of the same cloud service. Uh-oh.

So – whose fault is it?

It seems that cloud businesses are taking on the cloud without properly securing their cloud services – capitalizing the high demand market of cloud computing for business. I’ve mentioned that businesses’ decision makers seem to go cloud without doing their due diligence. Along with the fact that cloud services have compromised security, disasters of data loss could happen anytime.

The problems are not on the cloud service providers, though. The culprits are the cloud services’ developers and administrators who allegedly store the credentials carelessly in text files and app code that for some reasons, get indexed by search engines. And as we know, when your files get indexed by the search engines, they are accessible to everyone, searchable via your favorite search engine.

Cloud security should be everyone’s responsibility – the cloud providers, the cloud developers and admins, and the cloud users. I hope blog posts such as this can help you to be more aware of the seemingly forgotten cloud security issues.

Here’s the cloud services research results (PDF)

You might also like