Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Vulnerabilities through usability pitfalls in cloud services: Security problems due to unverified email addresses

: Hahn, T.; Kunz, T.; Schneider, M.; Vowe, S.


Min, G. ; IEEE Computer Society; IEEE Computer Society, Technical Committee on Scalable Computing:
11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2012. Vol.2 : Liverpool, United Kingdom, 25 - 27 June 2012; in conjunction with the 11th IEEE International Conference on Ubiquitous Computing and Communications (IUCC 2012)
Piscataway, NJ: IEEE, 2012
ISBN: 978-0-7695-4745-9
ISBN: 978-1-4673-2172-3
International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) <11, 2012, Liverpool>
Conference Paper
Fraunhofer SIT ()

Cloud storage services become increasingly interesting for users to easily backup or synchronize their data. On top of this basic functionality, these services offer functions for collaboration that allow users to share their files with selected other persons in a user-friendly way. We have identified that several cloud storage services do not verify whether the registrating customer is the real owner of the email address entered during the registration. Cloud providers omit the verification for reasons of usability. Here, user-friendliness goes too far at the cost of security. This vulnerability combined with collaboration functions allows attacks on cloud customers. In this paper, we explain which attacks are possible. Missing email verification and collaboration functions allow espionage and malware distribution attacks. Execution is very easy, i.e., they can be done without coding expertise or special tools.