News
IceWarp Discovery: Google Translate Flaw Can Hit Users with Unwanted Fees
November 2011 by IceWarp
IceWarp has uncovered vulnerabilities in Google Translate API v2 that allow hackers to easily hijack the solution and expose unsuspecting users to unwanted fees, the global messaging and collaborations solutions provider announced today. IceWarp licensed the Google product to power LiveWebAssist, its hosted business-grade multilingual business chat service, and discovered the flaw while working on the integration issues. The company immediately took steps eliminate the security lapse.
“Google Translate is an outstanding product, and we are proud to be in the first batch of its paying customers,” says Ladislav Goc, IceWarp President. “We were really surprised to find out that virtually anyone with basic hacking skills can steal a customer code. It is relatively easy, since Google Translate is typically using JavaScript. The code is visible to everybody directly in the HTML code of the page.”
EXAMPLE TAKEN FROM GOOGLE TRANSLATE v2 DEVELOPER’S GUIDE (28th. November 2011)
(http://code.google.com/intl/cs/apis/language/translate/v2/getting_started.html)
var source =
’https://www.googleapis.com/language/translate/v2?key=INSERT-YOUR-KEY&source=en&target=de&callback=translateText&q=’ + sourceText;
newScript.src = source;
Notice variable: key=INSERT-YOUR-KEY
This is ID of the paid customer of Google Translate V2.
“If someone will open a web site with implemented Google translate V2 and will “view code” the key=INSERT-YOUR-KEY is fully visible and can be used on another web site resulting “free” translation , because the charges will go to the regular paying customer of Google Translator,” continues Mr. Goc. “Risk of such situations is substantial. Free Google translation service will be terminated at the end of 2011, leaving a huge amount of developers and users utilizing it now in a limbo. Significant number of these users is likely to be very upset and start looking for both “revenge and free service.”
“For LiveWebAssist Google-translated web chat, we solved this problem by creating our own PHP objects which call Google Translate from the server side,” explains Mr. Goc. “Thus the key is not exposed at all and cannot be stolen and misused.”
LiveWebAssist, is a powerful multilingual Customer Relationship Management (CRM) product that allows companies to better monetize website traffic by interacting live with website visitors in all Google Translator-supported languages, from any location, through any device – desktop, laptop, smartphone or tablet. Based on the proven IceWarp engine, it can support organizations of all sizes: from a single-man operation to a global enterprise.
Already recognized as a leading email solutions provider and a viable Microsoft Exchange alternative, IceWarp (formerly Merak Mail Server) is deployed in more than 20,000 organizations and supports over 50 million users worldwide. The company disrupts the messaging category by delivering all email, mobile synchronization, SMS, chat, voice and video capabilities in one integrated, extremely secure and easy-to-deploy solution. Its customers include such market leaders as Marriott International, Inc., Verizon Communications, Inc., Russian Space Agency, as well as small to midsized firms.
