In 2019, Google introduced an annual bug bounty, or vulnerability reward program (VRP), prize for its Google Cloud Platform (GCP). Citing the under-representation of GCP in security research, Google put up a US$100,000 prize to generate interest among bounty hunters. The approach seems to have worked: Dutch researcher Wouter ter Maat has been announced as the winner of the 2019 GCP VRP Prize for his Google Cloud Shell findings.
What is Google Cloud Shell?
Google Cloud Shell (GCS) gives administrators and developers quick access to cloud resources. It provides a Linux shell that is reached through the browser, with the tools needed for working on Google Cloud Platform projects preinstalled: the gcloud CLI, Docker, Python, vim, Emacs and Theia, a powerful open-source IDE.
Wouter ter Maat discovered a total of nine vulnerabilities in Cloud Shell, which he walks through in a video streamed on the LiveOverflow YouTube channel. After launching Cloud Shell he found himself inside a container and began examining its file system. What caught his attention were two Docker UNIX sockets.
Of the two, the second was the host's Docker socket. With a few quick scripts Wouter talked to that socket, escaped the container and gained root on the host. Root on the host means the sandbox is gone: the attacker is no longer confined to the Cloud Shell container and can potentially reach anything the host itself can.
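The finding above boils down to one check a practitioner can automate: is there a Docker socket reachable from inside my container, and does the daemon behind it belong to the host rather than to a sibling docker-in-docker daemon? The script below is an added example, not Wouter ter Maat's scripts or anything from the Cloud Shell write-up. It assumes the host socket may be bind-mounted anywhere (so it walks the file system for `*docker*.sock` socket inodes rather than checking only `/var/run/docker.sock`), that the container's own ID can be read from `/proc/self/cgroup` in the cgroup v1 layout, and that the daemon answers the Docker Engine API `GET /containers/json` over the socket. The deciding test is simple: a daemon that lists the container you are sitting in is running outside your sandbox. The script stops at the diagnosis and does not perform the escape; the sample cgroup text and container listings are constructed for the stand-alone run.

```python
"""Audit the container we run in for reachable Docker sockets and decide
whether any of them belongs to the host's daemon (an escape primitive).
Diagnosis only: nothing here creates or modifies containers."""
import http.client
import json
import os
import re
import socket
import stat
from typing import Optional

# --- constructed sample data (not taken from the original page) ----------
SAMPLE_ID = "8f2e6a1d" + "0" * 52 + "beef"          # a 64-hex container ID
SAMPLE_CGROUP_V1 = ("12:pids:/docker/" + SAMPLE_ID + "\n"
                    "11:memory:/docker/" + SAMPLE_ID + "\n")
SAMPLE_CGROUP_V2 = "0::/\n"                          # unified hierarchy: no ID
SAMPLE_HOST_LIST = [                                 # shape of GET /containers/json
    {"Id": "c0ffee" + "1" * 58, "Names": ["/unrelated"]},
    {"Id": SAMPLE_ID, "Names": ["/our-own-sandbox"]},
]
SAMPLE_SIBLING_LIST = [{"Id": "deadbeef" + "2" * 56, "Names": ["/dind-child"]}]

HEX64 = re.compile(r"[0-9a-f]{64}")


def own_container_id(cgroup_text: str) -> Optional[str]:
    """Extract our container ID from /proc/self/cgroup (cgroup v1 layout).
    Under cgroup v2 the file is often just '0::/', so None is a normal
    answer meaning 'cannot tell', not an error."""
    m = HEX64.search(cgroup_text)
    return m.group(0) if m else None


def classify_socket(own_id: Optional[str], containers: list) -> str:
    """Classify a daemon by the container list it returned:
    'host'    - it knows about us, so it runs outside our sandbox
    'other'   - it does not (sibling / docker-in-docker daemon)
    'unknown' - we could not determine our own container ID"""
    if own_id is None:
        return "unknown"
    known = {c.get("Id", "") for c in containers}
    return "host" if own_id in known else "other"


class UnixHTTPConnection(http.client.HTTPConnection):
    """http.client connection that dials a UNIX socket instead of TCP."""

    def __init__(self, path: str):
        super().__init__("localhost")   # Host header only; no TCP is used
        self.unix_path = path

    def connect(self):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.settimeout(5)
        self.sock.connect(self.unix_path)


def docker_get(sock_path: str, endpoint: str):
    """GET an Engine API endpoint (e.g. '/containers/json') over a UNIX socket."""
    conn = UnixHTTPConnection(sock_path)
    try:
        conn.request("GET", endpoint)
        resp = conn.getresponse()
        if resp.status != 200:
            raise RuntimeError(f"{sock_path}{endpoint} -> HTTP {resp.status}")
        return json.loads(resp.read())
    finally:
        conn.close()


def find_docker_sockets(root: str = "/") -> list:
    """Walk the file system for socket inodes named *docker*.sock. A host
    socket bind-mounted somewhere unusual is exactly what we want to find,
    so we do not stop at the conventional /var/run/docker.sock."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        if dirpath.startswith(("/proc", "/sys", "/dev")):
            dirnames[:] = []            # pseudo filesystems: skip
            continue
        for name in filenames:
            if "docker" in name and name.endswith(".sock"):
                path = os.path.join(dirpath, name)
                try:
                    if stat.S_ISSOCK(os.lstat(path).st_mode):
                        hits.append(path)
                except OSError:
                    pass
    return hits


def audit() -> dict:
    """Map every reachable Docker socket to host / other / unknown / error."""
    try:
        with open("/proc/self/cgroup") as fh:
            own = own_container_id(fh.read())
    except OSError:
        own = None
    report = {}
    for path in find_docker_sockets():
        try:
            containers = docker_get(path, "/containers/json?all=1")
            report[path] = classify_socket(own, containers)
        except (OSError, RuntimeError, ValueError) as exc:
            report[path] = f"unreachable ({exc})"
    return report


if __name__ == "__main__":
    for sock_path, verdict in audit().items():
        print(f"{sock_path}: {verdict}")
```

Run it as an unprivileged user inside the container; any socket reported as `host` is the misconfiguration this story is about and should be treated as root on the host. A `unknown` verdict means the container ID could not be read (typically cgroup v2), in which case compare the daemon's `/info` output against the host you expect before drawing conclusions.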
Google Cloud Platform Vulnerability Reward Program (VRP) 2020
Since the first year of the program worked out in Google's favor, it has decided to roughly triple the GCP VRP prize money for 2020. A total of US$313,337 will be split among the top six vulnerability submissions as follows:
- 1st prize: US$133,337
- 2nd prize: US$73,331
- 3rd prize: US$73,331
- 4th prize: US$31,337
- 5th prize: US$1,001
- 6th prize: US$1,000