OneDrive flaw can give websites and apps full access to your files, even if you pick just one


Jun 2, 2025 - 15:40

Microsoft OneDrive is used by millions of users, largely thanks to its integration as the default cloud file hosting service on Windows and Microsoft 365.

Security researchers at Oasis Security discovered a flaw in OneDrive that could give services, apps, and websites full access to all hosted files.

Many web services and sites support uploading files directly from OneDrive and other cloud storage services. ChatGPT, to name just one, includes an option to link the account with a OneDrive account for easier file uploads.

The main benefit here is that files can be uploaded directly from the cloud storage service. This is often faster than uploading the files from the local system.

Many users who upload files directly from OneDrive to such a service might expect that it only gains permissions to access the selected file or files.

Oasis Security notes that this is not the case, as OneDrive does not support fine-grained access controls. In other words, it is an all-or-nothing option that, at least in theory, gives the service full access to all files.

The permissions are time-limited by default but refresh tokens may be used to extend the access period.

Users who link their OneDrive account for uploads are shown a security prompt. Accepting it grants consent, but Oasis Security notes that the prompt's "vague and unclear language" does not clearly communicate the level of access being granted to the app or site.

Oasis Security recommends that OneDrive users perform checks of application permissions to remove those that are no longer needed.

OneDrive private app access

Here is how that is done:

  1. Load the following address in your favorite web browser: https://account.microsoft.com/privacy/app-access
    1. You may be prompted to sign in to a Microsoft account. If you are, complete the sign in process.
  2. Browse the list of apps that you see there.
  3. Click Details next to an app to see the permissions that you granted it.
  4. Select "Don't Allow" to remove a permission. You may be prompted to authenticate the operation using your password, PIN or other means.

Each entry lists the application's name, the date it was last used, and the two action buttons "Don't Allow" and "Details".

Open OneDrive Files permission

The page lists every app that was granted any permission, not only OneDrive-related ones. If you are a gamer, for example, you may see permissions to access Xbox Live data.

Look for permissions that allow apps to open OneDrive files or even broader OneDrive permissions.

The site lacks any option to search for specific permissions. While you may be able to rule out some apps right away just by looking at the name or last used date, reviewing the list is still not very convenient.

There is also no option to select everything at once to revoke all permissions.
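Because the app-access page offers neither search nor bulk revocation, the triage is easiest to reason about as a script. The following Python is an added example (not code from the article or from Oasis Security) that reads a constructed export of granted apps, flags every grant carrying a OneDrive file scope, marks write-capable grants and those with a refresh token (offline_access), and proposes revoking stale ones. The export format, the app names and the 90-day staleness threshold are assumptions; the scope names are Microsoft Graph's delegated permissions.

```python
import json
from datetime import date, timedelta

# Delegated Microsoft Graph scopes that reach OneDrive files. The picker
# consent is all-or-nothing, so even Files.Read covers every file, not just
# the one the user selected; offline_access additionally yields a refresh token.
ONEDRIVE_SCOPES = {
    "Files.Read", "Files.Read.All", "Files.ReadWrite", "Files.ReadWrite.All",
}

def classify_scope(scope):
    """Return 'write', 'read' or None for one scope string."""
    if scope not in ONEDRIVE_SCOPES:
        return None
    return "write" if scope.startswith("Files.ReadWrite") else "read"

def review_grants(export_json, today_iso, stale_days=90):
    """Flag app grants that reach OneDrive files; write-capable and stale first.

    export_json is a constructed export (assumption: the real app-access page
    has no export) of [{"app", "lastUsed": "YYYY-MM-DD", "scope": "a b c"}].
    """
    today = date.fromisoformat(today_iso)
    findings = []
    for entry in json.loads(export_json):
        scopes = entry["scope"].split()
        levels = {classify_scope(s) for s in scopes} - {None}
        if not levels:
            continue  # no OneDrive file scope: not relevant to this review
        stale = today - date.fromisoformat(entry["lastUsed"]) > timedelta(days=stale_days)
        findings.append({
            "app": entry["app"],
            "access": "write" if "write" in levels else "read",
            "persistent": "offline_access" in scopes,  # refresh token issued
            "stale": stale,
            "action": "revoke" if stale else "review",
        })
    findings.sort(key=lambda f: (f["access"] != "write", not f["stale"], f["app"]))
    return findings

# Constructed sample export: only two of the three apps touch OneDrive files.
SAMPLE_EXPORT = json.dumps([
    {"app": "Chat assistant", "lastUsed": "2025-05-30",
     "scope": "openid profile Files.ReadWrite.All offline_access"},
    {"app": "Old resume tool", "lastUsed": "2024-11-02",
     "scope": "Files.Read User.Read"},
    {"app": "Game launcher", "lastUsed": "2025-05-01",
     "scope": "XboxLive.signin"},
])
```

Calling `review_grants(SAMPLE_EXPORT, "2025-06-02")` lists the chat assistant first (write access plus a refresh token, still in use) and marks the unused resume tool for revocation, while the Xbox-only grant is skipped.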

How to check if a site requests the OneDrive permission

Sites or apps display a consent prompt whenever the user's actions are about to establish a link to OneDrive for uploading or downloading files.

Check the consent prompt for OneDrive permissions. It may be better to skip OneDrive altogether, especially if only one or a small number of files need to be uploaded.

Now You: do you use OneDrive or another file hosting service on the Internet? Have you granted apps or services access to your files? Feel free to leave a comment down below.

Thank you for being a Ghacks reader. The post OneDrive flaw can give websites and apps full access to your files, even if you pick just one appeared first on gHacks Technology News.