Attention: You are using an outdated browser, device or you do not have the latest version of JavaScript downloaded and so this website may not work as expected. Please download the latest software or switch device to avoid further issues.

News > Attacks & Threats > Google API Keys Remain Active After Deletion

Google API Keys Remain Active After Deletion

A security researcher discovered the API keys can still be used for up to 23 minutes after deletion, even though the cloud provider claims deletion is immediate.

Google API keys aren't completely inactive after users delete them, giving attackers a small but significant window to continue abusing them.

Joe Leon, researcher at Belgian startup Aikido Security, recently analyzed the revocation window — the time between a key's deletion and its last successful authentication — for the cloud giant's API keys. In a blog post published today, Leon said Google Cloud Platform (GCP) customers expect API access to end immediately after the key is deleted, but this is not the case. More here

Similar Stories

Does life feel Orwellian sometimes? One researcher has a solution for you: graphic tees that confuse the neural networks in surveillance cameras. More...

Threat actors can easily steal one-time passwords sent by text when they conduct a SIM swap attack. This can lead to acc… More...

A leaked GitHub token underscores what most organizations get wrong: Treating secrets management as a tooling problem ra… More...

In addition to executing entirely in memory, the malware's infection chain incorporates other anti-analysis techniques d… More...

The disgruntled researcher released yet another PoC for a Windows Defender bug that allows for system takeover, showing … More...

Have your say

 

News Categories

Does life feel Orwellian sometimes? One researcher has a solution for you: graphic tees that confuse the neural networks in surveillance cameras. More...

Threat actors can easily steal one-time passwords sent by text when they conduct a SIM swap attack. This can lead to acc… More...

A leaked GitHub token underscores what most organizations get wrong: Treating secrets management as a tooling problem ra… More...

In addition to executing entirely in memory, the malware's infection chain incorporates other anti-analysis techniques d… More...

The disgruntled researcher released yet another PoC for a Windows Defender bug that allows for system takeover, showing … More...

image

Contact Us

Security Interest Group Switzerland
c/o Bridge Head AG
Sulzbergstrasse 34
5430 Wettingen
Switzerland

Follow Us

This website is powered by
ToucanTech