SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image

Vectra AI reveals critical flaw in Google Cloud Document AI

Fri, 20th Sep 2024

Vectra AI has identified a significant vulnerability in Google Cloud's Document AI service that could expose users to data exfiltration risks. Kat Traxler, Principal Security Researcher at Vectra AI, has flagged the issue, centred on "Transitive Access Abuse," where the Document AI service agent's extensive permissions enable unauthorised access to any Cloud Storage object within the same project. This vulnerability could allow malicious actors to gain access to data normally restricted to authorised users.

Traxler elaborated on the threat, stating, "The challenge for organisations is clear – safeguarding valuable data is more crucial than ever as AI becomes deeply embedded in our digital infrastructure. Data exfiltration is a major concern, highlighting AI's dual role in both facilitating and thwarting cyberattacks. At Vectra AI, our mission is simple – we aim to empower companies with the insights and strategies needed to effectively defend against these evolving threats." Traxler emphasised that the misuse of the Document AI service could lead to data being exfiltrated from Google Cloud Storage (GCS) to an arbitrary bucket, effectively bypassing access controls and extracting sensitive data.

Research from the Ponemon Institute indicates that over 60% of organisations have experienced some form of data exfiltration in the past two years, underlining the prevalence of this threat. In Australia, the Australian Information Commissioner's Office (OAIC) reported a 9% increase in data breaches in the first half of 2024 compared to the previous six months, marking the highest number of notifications since late 2020.

Traxler described the inner workings of the existing vulnerability within Document AI, explaining that the service is designed to extract information from unstructured documents. When processing documents stored in Cloud Storage, either through online or batch jobs, it's the batch processing that allows the Document AI Core Service Agent broader access permissions. This service agent can access any Cloud Storage bucket within the project, as opposed to the more restricted permissions applied in standard processing.

This particular issue enables attackers to exploit data exfiltration from Google Cloud Storage (GCS) to an arbitrary bucket, bypassing all access controls and extracting sensitive information, demonstrating what Vectra AI calls Transitive Access Abuse. Traxler highlighted, "It is crucial to remember that permission grants only tell part of the story – especially once service functionality and the possibility of transitive access are considered. Transitive Access Abuse is not isolated to the Document AI service but will likely reoccur across services (and all the major cloud providers)." She continued, advising organisations to segment data storage, business logic, and workloads in different projects to reduce the impact of excessively privileged service agents.

In response to this vulnerability, Vectra AI recommends specific actions for security operations centre (SOC) teams. The first recommendation is project-level segmentation – ensuring that data-at-rest does not reside in the same project as its consumers, such as Document AI. This involves configuring the inputs and outputs to reside across different projects, thereby obligating manual binding of IAM permissions for the Service Agent instead of relying on automatic grants. The second recommendation is to restrict the API and service usage itself. This involves using the Organisation Policy Constraint service to disable the Document AI service when it is not required, and restricting API usage with service policies.

The identification and public detailing of this vulnerability come as a critical reminder of the ongoing challenges organisations face in balancing efficiency and security in the realm of AI and cloud services. The discovery by Vectra AI underscores the importance of robust security practices and the need for continued vigilance in protecting sensitive data across digital infrastructures.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X