Some odd and potentially dangerous behavior within the Google Cloud Platform (GCP) was revealed by cloud security company Mitiga Thursday. If GCP is not configured correctly, it could be exploited by attackers to engage in malicious activity inside a user’s cloud environment, according to a blog posted on the Israeli company’s website.
The behavior is linked to one of the APIs used by Google Cloud. The API allows users to retrieve data from serial ports, but by creating a virtual machine in the cloud, data could also be continuously written to the ports. Moreover, because of the way Google Cloud classifies such traffic, administrators aren’t given much visibility into it. If an attacker were exploiting the behavior, their constant calls to the ports might tip their hand, Mitiga explained, but the malicious activity is likely to be missed by developers unfamiliar with the specifics of the API.