Microsoft OneDrive File Picker Security Flaw Exposes Shocking Amount of User Data

Jun 2, 2025

If you’re using an app that opens files from a Microsoft OneDrive account, you may want to stop. New research by Oasis Security demonstrates that these apps receive expansive permission to access cloud storage whenever File Picker is used to upload something, far beyond what the average user would expect. Microsoft says it is not really a “security flaw,” however, since the user is providing their consent.

The researchers disagree that informed consent is being adequately provided, with no clear wording indicating that the app is now allowed free access to your cloud storage (including write access in some cases) as a condition of uploading even just one file via File Picker. With Microsoft signaling no serious interest in addressing the security flaw, it may be time to audit these apps and put alternatives for sharing files with them in place.

ChatGPT, Slack, Trello, Phenome among apps subject to Microsoft security flaw

There is actually a bundle of security issues with File Picker, and which ones apply depends on the version an app embeds. Every version since 7.0, which has been in service for nearly a decade now, grants apps the broad, drive-wide cloud access: Microsoft's file permissions are granted for the whole drive rather than for the files the user picks, so there is no narrower scope for the picker to ask for. The most recent version, 8.0, may also leave the access token in the browser's session storage in plain text when the app developer uses the Microsoft Authentication Library (MSAL), which is the common way to integrate it. Version 7.0 writes these tokens to the browser's localStorage in plain text, and versions from 7.2 back to at least 6.0 can expose the tokens in URL fragments, where any script on the page, a browser extension, or the browser history can pick them up.
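The token-storage issues above are something a developer or tester can check for on their own page. The following is an added example, not code from Oasis Security's research or from Microsoft's File Picker: it scans plain objects standing in for localStorage, sessionStorage and the URL fragment for JWT-shaped bearer tokens, decodes each token's scp claim without verifying it, and flags scopes that cover a whole drive. The storage keys, values and tokens in the sample are constructed and only approximate the msal-browser cache layout; the scope list is the set of delegated Graph file scopes, all of which are drive-wide rather than per-file.

```javascript
// Added example (not from Oasis Security or Microsoft): look for plaintext
// OAuth access tokens in browser storage and the URL fragment, and report
// the scopes each one carries. Storage is passed in as plain objects so the
// scan runs outside a browser; in a page you would pass window.localStorage,
// window.sessionStorage and window.location.hash.

// Delegated Microsoft Graph scopes that cover a whole drive, not selected files.
const BROAD_DRIVE_SCOPES = new Set([
  "Files.Read", "Files.ReadWrite",
  "Files.Read.All", "Files.ReadWrite.All",
  "Sites.Read.All", "Sites.ReadWrite.All",
]);

const b64url = (s) => btoa(s).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

// Build a fake, unsigned JWT for the sample data (alg "none"; it grants nothing).
function makeFakeJwt(payload) {
  return `${b64url(JSON.stringify({ alg: "none", typ: "JWT" }))}.${b64url(JSON.stringify(payload))}.sig`;
}

// Decode a JWT payload without verifying the signature. That is fine here:
// the question is what a token already sitting in storage claims to allow.
function decodeJwtPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  try {
    let b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
    b64 += "=".repeat((4 - (b64.length % 4)) % 4);
    return JSON.parse(atob(b64));
  } catch {
    return null;
  }
}

// Scan storage values and the fragment for JWT-shaped strings and describe each.
function findExposedTokens({ localStorage = {}, sessionStorage = {}, hash = "" }) {
  const findings = [];
  // base64url of '{"' is "eyJ"; a JWT is three base64url segments joined by "."
  const jwtRe = /eyJ[\w-]+\.[\w-]+\.[\w-]*/g;

  function inspect(where, key, text) {
    for (const match of text.match(jwtRe) || []) {
      const payload = decodeJwtPayload(match);
      if (!payload) continue;
      const scopes = String(payload.scp || "").split(" ").filter(Boolean);
      findings.push({
        where, key, scopes,
        broadDriveAccess: scopes.filter((s) => BROAD_DRIVE_SCOPES.has(s)),
        expiresAt: payload.exp ? new Date(payload.exp * 1000).toISOString() : null,
      });
    }
  }

  for (const [k, v] of Object.entries(localStorage)) inspect("localStorage", k, String(v));
  for (const [k, v] of Object.entries(sessionStorage)) inspect("sessionStorage", k, String(v));
  // Implicit-flow responses put the token in the fragment: #access_token=...&token_type=Bearer
  const frag = new URLSearchParams(hash.replace(/^#/, ""));
  if (frag.get("access_token")) inspect("url fragment", "access_token", frag.get("access_token"));
  return findings;
}

// Constructed sample: what an app page might hold after a File Picker sign-in.
// Key and value layout approximate msal-browser's cache; the tokens are fake.
const SAMPLE_EXPIRY = 1748865600; // 2025-06-02T12:00:00Z
const SAMPLE_PAGE = {
  localStorage: { theme: "dark" },
  sessionStorage: {
    "uid.utid-login.windows.net-accesstoken-clientid-tenantid-files.readwrite.all": JSON.stringify({
      credentialType: "AccessToken",
      secret: makeFakeJwt({ aud: "https://graph.microsoft.com", scp: "Files.ReadWrite.All openid profile", exp: SAMPLE_EXPIRY }),
      target: "Files.ReadWrite.All openid profile",
    }),
    "msal.interaction.status": "",
  },
  hash: "#access_token=" + makeFakeJwt({ scp: "Files.Read", exp: SAMPLE_EXPIRY }) + "&token_type=Bearer&expires_in=3600",
};

// Run the scan over the constructed sample page.
function auditSamplePage() {
  return findExposedTokens(SAMPLE_PAGE);
}
```

In a real page, run `findExposedTokens({ localStorage, sessionStorage, hash: location.hash })` from the developer console after completing a File Picker flow. Any finding with a non-empty broadDriveAccess is a token that every script on that page, including an injected one, could read and use against the whole drive until expiresAt.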

The central issue with all of these flaws is that neither users nor app developers can really fix them, and unless Microsoft gets serious about tuning up File Picker they will stay. Users and administrators can revoke an app's consent grant, which stops it from obtaining new tokens, but the access token issued whenever File Picker is used is a bearer token that stays valid for an hour and cannot be revoked: revoking consent or a user's sign-in sessions invalidates refresh tokens, while an app that already holds an access token keeps its access until that token expires. Hundreds of apps are able to access files in this way, including ChatGPT.
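For administrators, the revocation path runs through the tenant's OAuth2 permission grants. The following is an added example, not code from Microsoft or from the Oasis research: it takes grant objects in the shape Microsoft Graph returns from GET /v1.0/oauth2PermissionGrants, flags those whose scope string contains a drive-wide file scope, and builds the DELETE request that revokes each grant together with the revokeSignInSessions call that invalidates the affected user's refresh tokens. The grant ids, app names and user ids in the sample are made up.

```javascript
// Added example (not from Microsoft or Oasis Security): audit an Entra ID
// tenant's delegated permission grants for apps holding drive-wide
// OneDrive/SharePoint scopes, and build the Graph requests that revoke them.
// Grant objects follow the shape of GET /v1.0/oauth2PermissionGrants; the
// sample data is constructed.

// Delegated Graph scopes that reach every file in a drive, not just selected ones.
const BROAD_DRIVE_SCOPES = new Set([
  "Files.Read", "Files.ReadWrite",
  "Files.Read.All", "Files.ReadWrite.All",
  "Sites.Read.All", "Sites.ReadWrite.All",
]);

// Constructed sample: display names as an admin would look them up from
// servicePrincipals, keyed by the client's object id (ids are made up).
const SAMPLE_APP_NAMES = {
  "1111-app": "Example file-picker app",
  "2222-app": "Example calendar app",
};

// Constructed sample grants. "Principal" is consent by one user; "AllPrincipals"
// is admin consent on behalf of the whole tenant (principalId is null then).
const SAMPLE_GRANTS = [
  { id: "g1", clientId: "1111-app", consentType: "Principal", principalId: "user-a",
    resourceId: "graph-sp", scope: " Files.ReadWrite.All openid profile " },
  { id: "g2", clientId: "1111-app", consentType: "AllPrincipals", principalId: null,
    resourceId: "graph-sp", scope: "Files.Read User.Read" },
  { id: "g3", clientId: "2222-app", consentType: "Principal", principalId: "user-b",
    resourceId: "graph-sp", scope: "Calendars.Read User.Read" },
];

// One finding per grant carrying a broad drive scope, with the request that
// revokes it. Deleting the grant withdraws consent; access tokens already in
// an app's hands stay valid until they expire. The optional session-revocation
// call invalidates the user's refresh tokens so the app cannot silently renew.
function flagBroadDriveGrants(grants, appNames = {}) {
  const findings = [];
  for (const g of grants) {
    const scopes = String(g.scope || "").trim().split(/\s+/).filter(Boolean);
    const broad = scopes.filter((s) => BROAD_DRIVE_SCOPES.has(s));
    if (broad.length === 0) continue;
    const writeAccess = broad.some((s) => s.startsWith("Files.ReadWrite") || s.startsWith("Sites.ReadWrite"));
    findings.push({
      grantId: g.id,
      app: appNames[g.clientId] || g.clientId,
      tenantWide: g.consentType === "AllPrincipals",
      broadScopes: broad,
      writeAccess,
      revoke: { method: "DELETE", path: `/v1.0/oauth2PermissionGrants/${g.id}` },
      revokeSessions: g.principalId
        ? { method: "POST", path: `/v1.0/users/${g.principalId}/revokeSignInSessions` }
        : null,
    });
  }
  // Tenant-wide grants first, then write-capable ones: those are the ones to act on today.
  findings.sort((a, b) => (b.tenantWide - a.tenantWide) || (b.writeAccess - a.writeAccess));
  return findings;
}

// Run the audit over the constructed sample.
function auditSampleTenant() {
  return flagBroadDriveGrants(SAMPLE_GRANTS, SAMPLE_APP_NAMES);
}
```

Feed it the value array from a paged GET of /v1.0/oauth2PermissionGrants (listing grants needs directory read permission in Graph) and send the generated requests with the admin's own Graph client. End users on work accounts can revoke a single app themselves from the My Apps portal, and personal Microsoft accounts have an equivalent "apps and services" consent page, but in all cases the one-hour access token already issued keeps working until it expires.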

File Picker may have to be entirely disabled

Microsoft argues that this is not a security flaw on the basis that the user is asked for permission, and that its OAuth process is simply not "fine-grained" enough to grant access to individual files in cloud accounts. However, the researchers point out that a number of similar systems (such as those used by Google and Dropbox) are in fact able to limit themselves to user-specified files: Google Drive's drive.file scope confines an app to files the user opened or created with it, and Dropbox's Chooser hands the app a link to the selected file rather than access to the account.

And whether users are truly giving informed consent is another question. The researchers note that the wording of the prompt, which asks for general permission to open OneDrive files, does not make clear that this is permission to read anything in the associated cloud storage (let alone write over it). Similar wording appears in other places where it means far less; Android's file picker is one common example, in which the app requesting permission receives only the files the user opts to upload.

It is unclear if any of the apps the researchers mention are making use of this broad permission, and they may very well not be. But the security flaw is obviously wide open to abuse. One malicious app could trivially steal the entire contents of a OneDrive account and/or destroy or ransom it as well. Even a well-meaning AI app might end up absorbing the account contents into its training data, where it essentially goes beyond reach and could surface elsewhere in the future.

Organizations may need to implement other ways to share files via apps and websites in light of this news, such as a read-only sharing link to the specific file (or simply moving off of OneDrive). At minimum, the security flaw is a good prompt to review OneDrive accounts, check which third-party apps currently hold consent to read or write their drives, and ensure that sensitive materials are not accidentally being synced to them or sitting around for an unnecessary amount of time.
