Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Google Cloud uses a single API key format for public identification and sensitive authentication. Google Maps, Firebase, and similar services were okay to embed directly on the page. This was acceptable because it was part of the design. The keys were designed for billing and restricted on the frontend via HTTP referer allowlisting so this was alright.

Gemini uses the same API keys (public API) as the existing project. So, by using a public API key that's been on a website for years, it's now possible to access information about that project's Gemini usage. this retroactive privilege expansion is not good in practice. The defaults are that an API key is valid for ALL services on the project and not scoped down.

An attacker can access private data, such as the files and cached contents. They can also increase your bill. The authors found 2.8K keys, including several of Google's own keys that were vulnerable to this attack.

So, what was Google's response? Initially, they said this was a customer issue, until they showed Google doing this wrong. To fix this, they added scoped defaults within the AI studio, API keys that are leaked are automatically blocked. Additionally, there's proactive notification to identify which teams would be vulnerable. Response to this is hard... You don't want to brick anybody's website, but you also don't want them to lose data. Hmmmm.

A great find! This is a classic example of threat models changing in a large ecosystem without understanding the results. Great work!