A security expert has discovered certain flaws in Google’s server which can allow hackers to mount massive distributed denial of service (DDOS) attacks.
Simone Quatrini, a penetration tester with Italy-based security firm AIR Sicurezza Informatica, revealed that vulnerabilities in Google’s server allow hackers to use the search engine as a proxy to retrieve content for them.
The security expert has developed a script which can allow it to use Google’s bandwidth to launch DDOS attacks on any website.
Quatrini contacted Google about the flaw on August 10, but got no reply from the company. It was then that he decided to disclose the vulnerabilities to the public. Researcher and computer student Ryan Dewhurst had also alerted Google about the flaws, but also did not receive a reply.
Quatrini claimed he was getting a bandwidth of 91Mbps even though his home server only receives bandwidth of 6Mbps.
“Is possible to request any file type, and G+ will download and show all the content. So, if you paralyse so many requests, is possible to DDoS any site with Google bandwidth. Is also possible to start the attack without be logged in G+,” Quatrini wrote in a blog post.