Link shortening sites such as bit.ly and goo.gl are most popular, with condensing URL links especially popular for social media sharing. However, the research conducted by Cornell Tech professor Vitaly Shmatikov and Arvind Narayanan showcase a disturbing effect of these URL shortening sites – they can be particularly harmful for cloud services.
In the report, Shmatikov writes:
“Short URLs produced by bit.ly, goo.gl, and similar services are so short that they can be scanned by brute force. Our scan discovered a large number of Microsoft OneDrive accounts with private documents. Many of these accounts are unlocked and allow anyone to inject malware that will be automatically downloaded to users’ devices. We also discovered many driving directions that reveal sensitive information for identifiable individuals, including their visits to specialized medical facilities, prisons, and adult establishments.”
Security and privacy are the most vulnerable components regarding URL shortening links – particularly with using Microsoft OneDrive (SkyDrive, previously) and Google Maps. This vulnerability comes from tokens, which are embedded into URL links to link sites with information. By using URL link shortening services, you’re actually making the URL more vulnerable to hackers and malicious users – with shorter tokens, it’s much easier to hack and manipulate the codes. With having these popular programs so vulnerable, there’s no telling what malicious activity could be committed.
Thankfully, companies in the study were contacted with the findings in an effort to increase security and reduce hacker vulnerability.
