Google Workspace Security: DeleFriend Vulnerability Could Allow Unwanted Access to APIs

Hunters researchers noted the vulnerability could lead to privilege escalation. Google said the report “does not identify an underlying security issue in our products.”
Cybersecurity researchers from the firm Hunters discovered a vulnerability in Google Workspace that could allow unwanted access to Workspace APIs. The flaw is significant in that it could let attackers use privilege escalation to gain access that would otherwise only be available to users with Super Admin access. Hunters named this security flaw DeleFriend.
According to the Hunters team, the vulnerability is based on Google Workspace’s role in managing user identities across Google Cloud services. Domain-wide delegation (DWD) connects identity objects from either Google Workspace Marketplace or a Google Cloud Platform Service Account to Workspace.
Domain-wide delegation can be used by attackers in two main ways: to create a new delegation after having gained Super Admin privileges on the target Workspace environment through another attack, or to “enumerate successful combinations of service account keys and OAuth scopes,” Hunters said. This second way is the novel method the researchers have discovered. Yonatan Khanashvili, threat hunting expert at Team Axon at Hunters, posted a much more detailed explanation of DeleFriend.
Hunters disclosed this flaw to Google in August 2023 and wrote, “Google is currently reviewing the issue with their Product team to assess potential actions based on our recommendations.”
An anonymous Google representative told The Hacker News in November 2023, “This report does not identify an underlying security issue in our products. As a best practice, we encourage users to make sure all accounts have the least amount of privilege possible (see guidance here). Doing so is key to combating these types of attacks.”
Hunters said this vulnerability is particularly dangerous because it is long-term (GCP Service account keys do not have expiry dates by default), easy to hide and hard to detect. Once inside an account with Super Admin privileges, attackers could potentially view emails in Gmail, view someone’s schedule in Google Calendar or exfiltrate data from Google Drive.
“The potential consequences of malicious actors misusing domain-wide delegation are severe. Instead of affecting just a single identity, as with individual OAuth consent, exploiting DWD with existing delegation can impact every identity within the Workspace domain,” said Khanashvili in the press release.
In addition to ensuring privileges are set up properly, as Google notes, IT admins could create each service account in a separate project if possible, Hunters said. Other recommendations from Hunters to protect against DeleFriend exploitation are:
Google suggests the following:
Hunters created a proof-of-concept tool for running the DeleFriend exploitation method manually. The tool works by enumerating GCP projects using the Resource Manager API, iterating over the GCP service account and project resources it finds, and investigating specific roles and permissions from there, including extracting the private key value from a key's privateKeyData attribute (Figure A). The end result is a JWT object, which can be exchanged for a temporary access token to allow access to Google APIs. Khanashvili’s blog post contains more detail.
Figure A 
The tool is intended for researchers in order to detect misconfigurations, and “increase awareness around OAuth delegation attacks in GCP and Google Workspace and to improve the security posture of organizations that use the Domain-Wide-Delegation feature,” Hunters wrote.
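A defensive check tied to two points Hunters raises above (service account keys that do not expire by default, and several service accounts sharing one project): the following is an added example, not part of the article or of the Hunters tool, that audits a key inventory for both conditions. The project names, key IDs, the 90-day threshold and the finding labels are assumptions constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample shaped like IAM API ServiceAccountKey resources
# (the JSON that `gcloud iam service-accounts keys list --format=json` returns).
SAMPLE_KEYS = json.loads("""[
 {"name": "projects/demo-proj-a/serviceAccounts/dwd-sync@demo-proj-a.iam.gserviceaccount.com/keys/k1",
  "keyType": "USER_MANAGED", "validAfterTime": "2022-01-10T00:00:00Z", "validBeforeTime": "9999-12-31T23:59:59Z"},
 {"name": "projects/demo-proj-a/serviceAccounts/build@demo-proj-a.iam.gserviceaccount.com/keys/k2",
  "keyType": "SYSTEM_MANAGED", "validAfterTime": "2023-11-20T00:00:00Z", "validBeforeTime": "2023-12-07T00:00:00Z"},
 {"name": "projects/demo-proj-b/serviceAccounts/report@demo-proj-b.iam.gserviceaccount.com/keys/k3",
  "keyType": "USER_MANAGED", "validAfterTime": "2023-11-01T00:00:00Z", "validBeforeTime": "2024-01-30T00:00:00Z"}
]""")
AUDIT_TIME = datetime(2023, 12, 1, tzinfo=timezone.utc)  # constructed "now" for the sample
MAX_KEY_AGE_DAYS = 90  # assumed rotation policy, not taken from the article


def parse_key_name(name):
    """Split projects/{project}/serviceAccounts/{email}/keys/{key_id}."""
    parts = name.split("/")
    return parts[1], parts[3], parts[5]


def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def audit_keys(keys, now):
    """Return (finding, project, service_account(s), key_id) tuples."""
    findings = []
    accounts_by_project = defaultdict(set)
    for key in keys:
        project, account, key_id = parse_key_name(key["name"])
        accounts_by_project[project].add(account)
        if key.get("keyType") != "USER_MANAGED":
            continue  # system-managed keys are held and rotated by Google
        # Non-expiring user-managed keys carry a year-9999 validBeforeTime.
        if parse_ts(key["validBeforeTime"]).year >= 9999:
            findings.append(("NO_EXPIRY", project, account, key_id))
        if (now - parse_ts(key["validAfterTime"])).days > MAX_KEY_AGE_DAYS:
            findings.append(("STALE_KEY", project, account, key_id))
    # Hunters recommends one service account per project where possible.
    for project, accounts in sorted(accounts_by_project.items()):
        if len(accounts) > 1:
            findings.append(("SHARED_PROJECT", project, ",".join(sorted(accounts)), ""))
    return findings
```

Run it against a real export by passing the parsed JSON list and `datetime.now(timezone.utc)` to `audit_keys`.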
Note: This story was updated with recommendations from Google.