Critical Security Flaws in Google's Looker Platform Risk Corporate Data Theft and System Takeover

Critical Security Vulnerabilities Discovered in Google's Looker Platform

Security researchers have identified two severe vulnerabilities in Google's business intelligence platform, Looker, which could allow hackers to execute remote code and steal sensitive corporate data. These flaws, collectively named 'LookOut,' pose a significant threat to the over 60,000 companies across 195 countries that rely on Looker for data analysis and visualization.

Details of the 'LookOut' Vulnerabilities

According to cybersecurity firm Tenable, one of the vulnerabilities involves a Remote Code Execution (RCE) chain. This flaw enables attackers to gain full control of a Looker server by executing malicious commands remotely. Hackers targeting cloud instances of Looker could exploit these security weaknesses to achieve cross-tenant access, potentially compromising multiple organizations simultaneously.

Tenable researchers also warned that companies risk complete theft of the data held in Looker's internal management database. By deceiving the system into connecting to a manipulated 'private brain,' attackers can use specialized data-extraction techniques to download user credentials and configuration secrets. Liv Matan, Senior Research Engineer at Tenable, emphasized the danger, stating, "Looker acts as a central nervous system for corporate information, and a breach could allow an attacker to manipulate data or infiltrate deeper into a company's private internal network."

Google's Response and Ongoing Risks

Google responded promptly to secure its managed cloud version of Looker after Tenable reported the vulnerabilities. However, organizations hosting Looker on private servers or on-premises hardware remain vulnerable. Tenable warned that these entities must manually apply security patches to close these backdoors, as they bear the full responsibility for protecting their infrastructure from potential administrative takeover.

Background on Looker and Its Acquisition

Looker, based in Santa Cruz, California, assists companies in visualizing and analyzing cloud-stored data. Google acquired Looker for $2.6 billion in 2019, as reported by Bloomberg, expanding its cloud offerings to help customers manage data more effectively. This acquisition is part of Google's broader strategy to enhance its cloud storage and software sales.

Protective Measures for Users

To mitigate the risk of exploitation, Tenable researchers recommend that administrators take specific actions:

  • Inspect the file system for unauthorized files in the .git/hooks/ directory of Looker project folders, particularly scripts like pre-push, post-commit, or applypatch-msg that may have been placed by attackers.
  • Examine application logs for signs of internal connection abuse, such as unusual SQL errors or patterns indicative of error-based SQL injection targeting internal Looker database connections like looker__ilooker.
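
Both checks above can be scripted. The following is an added example, not tooling from Tenable or Google: it reports every live file in any .git/hooks/ directory under a given root and flags log lines where looker__ilooker appears together with an SQL error. The root path, the SQL error pattern and the sample log lines are assumptions constructed for illustration.

```python
import hashlib
import os
import re
import sys

# Hook names listed in the advisory; any other live hook is reported too.
NAMED_HOOKS = {"pre-push", "post-commit", "applypatch-msg"}
INTERNAL_CONN = "looker__ilooker"
# Assumption: generic SQL error wording; adjust to your own log format.
SQL_ERROR = re.compile(r"sql.{0,40}(error|exception)|syntax error", re.I)

SAMPLE_LOG = [  # constructed lines for illustration, not real Looker output
    "2024-01-01 10:00:00 INFO query ok connection=thelook",
    "2024-01-01 10:00:05 ERROR SQL Error on connection=looker__ilooker: syntax error near unexpected token",
    "2024-01-01 10:00:07 INFO connection=looker__ilooker pool refreshed",
    "2024-01-01 10:00:09 INFO scheduler run complete",
]


def audit_git_hooks(root):
    """List every live (non-.sample) file found in any .git/hooks/ under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if os.path.normpath(dirpath).split(os.sep)[-2:] != [".git", "hooks"]:
            continue
        for name in sorted(files):
            if name.endswith(".sample"):  # inert templates that git installs
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:  # unreadable file or dangling symlink: still report
                digest = None
            mode = os.lstat(path).st_mode
            findings.append({"path": path, "sha256": digest,
                             "named_in_advisory": name in NAMED_HOOKS,
                             "executable": bool(mode & 0o111)})
    return findings


def flag_log_lines(lines):
    """Return (line number, text) where the internal connection and an SQL error co-occur."""
    return [(n, ln.rstrip("\n")) for n, ln in enumerate(lines, 1)
            if INTERNAL_CONN in ln and SQL_ERROR.search(ln)]


if __name__ == "__main__":
    for finding in audit_git_hooks(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(finding)
    for number, text in flag_log_lines(SAMPLE_LOG):
        print(number, text)
```

Any hook the script reports that your team did not install deserves review; the SHA-256 lets you compare the same hook across servers or against a known-good copy.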

These steps are crucial for organizations to safeguard their systems against potential breaches and ensure the integrity of their corporate data.