Cloud services easily abused for absent verification

1 minute read

Cloud services easily abused for absent verification

Free cloud services can easily be abused because many of them lack more secure verification processes. Bishop Fox researchers Rob Ragan and Oscar Salazar demonstrated that services like Dropbox and Google Apps can be used as botnets.

The researchers signed up for hundreds of cloud services by automating the email verification process. After registering their mail accounts, they had control over hundreds of virtual machines that could be used as a botnet for massive port scanning and crypto currency mining.

SMS authentication

The researchers wanted to demonstrate what would happen if criminals use free cloud services for illegal activities. Salazar and Ragan presented their findings in their presentation ‘Cloud Ninja: Catch Me If You Can’ during the RSA Conference in San Francisco.

They could abuse two-thirds of the 150 cloud services available. Amazon has secured its cloud service by implementing strong authentication through SMS. The researchers advise the other cloud services to follow Amazon’s example.

About CM:

Companies are always looking for the best way to reach their consumers and the rise of mobile technology offers them new opportunities to achieve this goal.

Founded in 1999, CM helps companies to interact with their customers through a multi-use mobile platform for SMS, Email and Appcare.

In addition to various messaging services, the platform also provides solutions for calling through SIP trunking, payment options for companies like Autocollect and online identification solutions such as two-factor authentication(2FA).

We offer a hybrid solution for companies to reach their target audience, anytime and anywhere.

More on SMS

Enjoyed this article? Please share the news!

Continue reading

Next CM experiences successful and inspiring Mobile World Congress
Previous Mobile World Congress: Whatsapp announces voice
Back To news overview

Related articles

Two Factor Authentication: How & why Webinar: Improve your IT security with Tokenless Authentication via SMS
Webinar Quality tokenless authentication using SMS
“Too little awareness for securing our mobile devices”
Whitepaper 2FA: Unlocking Security Potential through your mobile phone

About the author

Erik Eggens is an allround journalist, editor, content creator and copywriter and takes a keen interest in mobile, finance and politics.

Connect with Erik on

LinkedIn, Twitter.