The cryptocurrency space isn’t alone when it comes to boneheaded vulnerabilities. The week before last, an engineering student from Kerala, India, named Vishnu Prasad hacked into a Google TV broadcast satellite. Vishnu achieved this by simply pressing the “log in” button on the admin page with both fields blank, after finding a proxy that gave him access to Google’s login backend.
A Ridiculous Oversight
Apparently, Google’s data saver — a Chrome extension that compresses your webpages via a Google proxy before delivering them to your device — also gave its users access to Google’s backend and admin subdomain pages.
Vishnu was able to log in using null credentials on his mobile device (blank username and password) and capture a few screenshots of Google’s satellite and YouTube TV admin pages before reporting the issue.
This report follows a round of YouTube multichannel network hacks back in August that led to, among other things, several video leaks including a TV pilot for the animated series “Hellbenders.”
Vishnu was awarded a $13,337 USD bounty for his discovery, a massive oversight on Google’s part. Before this vulnerability came to light, it would have been trivial to cause disruptions to any Google services accessible via this method.
It Just Ain’t Right, Folks
Google isn’t some cottage industry firm running out of a spare room in the burbs.
It’s a massive multinational tech and media company that billions of people rely on to conduct business every day. They run a massive network that could have been seriously compromised at any time before the disclosure, potentially leaking or losing data at a massive scale, and yet this story doesn’t seem to have made the rounds in the current news cycle.
The fact an engineering student from India was able to get into the powerhouse’s broadcast satellite using the same tactics grade schoolers are using to bypass school internet filtering should have been a bigger story, plain and simple.