Threat actors could exploit a vulnerability in Google Cloud's Document AI service to facilitate data exfiltration, reports SiliconAngle.
Broad permissions obtained by the service as a result of its document processing in Cloud Storage enable access to Cloud Storage buckets within the project and could be leveraged by threat actors to infiltrate buckets that should have been inaccessible, according to a report from Vectra AI. Attackers with adequate permissions could also establish or alter processors even in organizations not using Document AI due to access being provided by the service's Core Service Agent, said Vectra AI researchers.
With Google still determining how to classify the issue months after being reported by Vectra AI, organizations using Google Cloud have been urged by the threat detection and response firm to deactivate Document AI through Organizational Policy Constraints, as well as adopt more stringent identity and access management policies.