Adding a malicious notebook to be treated like a trusted notebook in Google Colab — 1337$
When we try to execute a Google Colab notebook from a GitHub repo, such as https://colab.research.google.com/github/raushanraj/poc_likethat/blob/master/test_simple_camera.ipynb, Google Colab doesn't allow us to run the third-party GitHub notebook directly; instead, it shows a warning:
Warning: This notebook was not authored by Google.
This notebook is being loaded from GitHub. It may request access to your data stored with Google, or read data and credentials from other sessions. Please review the source code before executing this notebook.
colab.research.google.com allows notebooks from Google's trusted repositories, such as “https://github.com/googlecolab”, to run without any warning, e.g. https://colab.research.google.com/github/googlecolab/colabtools/blob/master/tests/simple.ipynb
Also, when we execute a notebook from Drive and it uses critical functionality such as accessing the camera or voice, Google Colab adds a warning prompt; only once the prompt is accepted can the notebook access them after execution. Hence the warning prompt is relevant here: it is a parameter that disables and enables some attributes.
The bypass is to execute a notebook from any GitHub repository without any warning: by clicking “Open in Colab”, the notebook is executed without a prompt.
1. Create a new file in the public repository https://github.com/googlecolab/colabtools and generate a pull request.
and execute the code: no warning is shown to the user, because the repository (googlecolab) is trusted, even though the code is malicious.
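The trust decision described above, sketched as an added example (not Colab's code and not from the original write-up): a check keyed only on the repository owner, next to one that also pins the repository and a reviewed branch. The allowlists, the single-segment ref simplification and the `unreviewed-change` ref are assumptions; the page does not describe Colab's actual check or fix.

```javascript
// Added example, not Colab's code. Allowlist contents are assumptions.
const TRUSTED_OWNERS = new Set(["googlecolab"]);
const TRUSTED_REFS = new Map([["googlecolab/colabtools", new Set(["master"])]]);

// Parse https://colab.research.google.com/github/<owner>/<repo>/blob/<ref>/<path>.
// Simplification: the ref is taken to be a single path segment.
function parseColabGithubUrl(raw) {
  let url, parts;
  try {
    url = new URL(raw);
    parts = url.pathname.split("/").filter(Boolean).map(decodeURIComponent);
  } catch {
    return null; // not a URL, or malformed percent-encoding
  }
  if (url.protocol !== "https:" || url.hostname !== "colab.research.google.com") return null;
  const [service, owner, repo, kind, ref, ...path] = parts;
  if (service !== "github" || kind !== "blob" || !ref || path.length === 0) return null;
  // GitHub owner and repository names are case-insensitive; refs are not.
  return { owner: owner.toLowerCase(), repo: repo.toLowerCase(), ref, path: path.join("/") };
}

// Weak: skips the warning for anything served under a trusted owner.
function weakIsTrusted(raw) {
  const nb = parseColabGithubUrl(raw);
  return nb !== null && TRUSTED_OWNERS.has(nb.owner);
}

// Stricter: owner/repo must be allowlisted AND the ref must be a reviewed branch.
function strictIsTrusted(raw) {
  const nb = parseColabGithubUrl(raw);
  if (nb === null) return false;
  const refs = TRUSTED_REFS.get(`${nb.owner}/${nb.repo}`);
  return refs !== undefined && refs.has(nb.ref);
}

const BASE = "https://colab.research.google.com/github/";
const SAMPLES = {
  trusted: BASE + "googlecolab/colabtools/blob/master/tests/simple.ipynb", // from the page
  thirdParty: BASE + "raushanraj/poc_likethat/blob/master/test_simple_camera.ipynb", // from the page
  unreviewed: BASE + "googlecolab/colabtools/blob/unreviewed-change/tests/x.ipynb", // constructed
};

// Returns { name: { weak, strict } }; true means "no warning shown".
function classifySamples() {
  return Object.fromEntries(Object.entries(SAMPLES).map(
    ([name, u]) => [name, { weak: weakIsTrusted(u), strict: strictIsTrusted(u) }]));
}
```

Only the constructed `unreviewed` sample separates the two checks: the owner-only check skips the warning for it, the stricter one does not.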
1. A malicious notebook is presented to the victim as a trusted Google notebook, with no warning message.
2. The code I used in the PoC can capture the victim's media, such as camera and voice, if previously saved in the browser.
Reported on 2 Jan 2020
Fixed on 16 Jan 2020
Bounty Awarded on 17 Jan 2020