Skip to content

Bit9

← Back to Blog
16 Nov 2011

Google Music: A Hacker’s Paradise?

Jon Cilley

Vinyl, magnetic tape, compact disc, MP3, and now streaming. These services have allowed Lead Belly, Bing Crosby, Buddy Holly, The Beatles, Marvin Gaye, Michael Jackson, Nirvana or Lady Gaga to get repurposed to you over and over. Because of these innovations, the music industry has reinvented itself, consolidated and reprioritized its efforts time and again – sometimes against its will – in order to stay relevant to the needs of their consumers. Streaming is nothing new to us. Moore’s Law has never been more appropriate in the last decade. We’ve seen cellphones become smartphones, record stores vacated to the web, and now virtually all content having a cloud management tool available. All of this has taken the album out of our hands, our ears out of the record store, and glued our eyes to the computer screen.

Now trust me, cloud services are cool. I’m not trying to pretend to be some nostalgic hipster too preoccupied with jeans that don’t fit, an unsustainable vegan diet or an ironical infatuation with The Beach Boys all while I smoke outside of the health food store – don’t worry they’re just cloves. But to be honest, what seems like a never ending effort to give the consumer their catalog wherever they want it could also create new security threats. For hackers, making your catalogue more convenient and accessible could open doors to rooms you never thought would have them.

Today Google announced Google Music, the latest effort by Google to bring more of your content to the web. With this service, users will be allowed to upload 20,000 songs for free to Google Music’s digital locker as well as share purchased content with their friends on the company’s social networking site Google+. With Google Music, the Mountain View juggernaut is trying to take a page from Facebook and Spotify’s partnership, using social media to propagate word-of-mouth endorsements of particular artists, songs or albums. Unlike Spotify, which is only a subscription service not a direct purchasing platform, Google Music will be able to endorse content that was directly purchased by the user on Google+. This effort has been tried before with Apple iTune’s Ping service, which allows users to directly follow an artist’s recommendations for additional content. But with regards to true direct purchasing like iTunes, no other service offers a social media platform for endorsing these purchases through a cloud-based program quite like Google Music. Sorry Amazon.

So how does all this affect your security? Even to the casual user, most people who use Twitter, Gmail, Facebook, etc., can probably think of a time when the service was either overloaded or hacked. Scarlett Johansson, Christina Aguilera, Mila Kunis or Vanessa Hudgens ring a bell? Now maybe you’re not a celebrity – sorry for the harsh reminder to those who want to be – but ultimately you are still at risk. Phishing attacks are becoming more and more relevant, and with Google Music allowing users to upload 20,000 songs to their site as well as purchase over 13 million copyrighted MP3s. Hackers now have an incentive to target an individual who may not have a dog as an accessory.

For those who are not familiar. A phishing site is when a hacker clones the login page to a trusted site you use: Twitter, Facebook, Gmail, or Google Music, and gets you to enter in your login credentials. Once you make the mistake of assuming it is the actual site, you’ll usually login as if everything is hunky dory – “Hunky Dory,” also not a bad Bowie album. When you do this however, the hacker now has all they need: access to the site under your name. From there, they can do as they like, in this case, steal control of your account or catalogue. Scared yet?

So with all of this, stay mindful of the risks, be aware of the vulnerabilities, and well, don’t be dumb. If you are usually always logged into your accounts, be mindful anytime the site asks you to re-login. More than likely, it’s a phishing attack. Usually these sites get pumped to you from a referrer. This could be a direct message on Twitter, Facebook or Google+ asking you to check out something. From there, you will be prompted to login again. My recommendation for when this happens? Try to travel to these sites the way you always do when accessing the notification you’ve been alerted to. Once properly logged in, if the notification isn’t there, it’s probably safe to assume it’s a phisher. No security is perfect, and there are always loopholes. So be aware of the risks on these sites and mindful with how you get there.

email

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

*

* Copy this password:

* Type or paste password here:

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Notify me of followup comments via e-mail. You can also subscribe without commenting.


Our Solutions

Our Products

  • Blog

+1 617-393-7400 US