Vulnerabilities through usability pitfalls in cloud services: Security problems due to unverified email addresses

Cloud storage services become increasingly interesting for users to easily backup or synchronize their data. On top of this basic functionality, these services offer functions for collaboration that allow users to share their files with selected other persons in a user-friendly way. We have identified that several cloud storage services do not verify whether the registrating customer is the real owner of the email address entered during the registration. Cloud providers omit the verification for reasons of usability. Here, user-friendliness goes too far at the cost of security. This vulnerability combined with collaboration functions allows attacks on cloud customers. In this paper, we explain which attacks are possible. Missing email verification and collaboration functions allow espionage and malware distribution attacks. Execution is very easy, i.e., they can be done without coding expertise or special tools.