Private files appear on the Web and are freely accessible: why it happens

Various tools for analyzing binary files and URLs are now freely accessible on the Web. To name just a few, Urlscan.io, Hybrid Analysis and Cloudflare Radar URL Scanner play an essential role in verifying the safety of any type of file.

Many users rely on these tools to check the legitimacy of URLs and publicly accessible resources. It often happens that you receive a link pointing to a cloud storage service because, for example, the sender has set up a URL that is accessible without particular authorizations. In other words, anyone who has the link can view the resources it points to, using any device and any web browser.

A little-known aspect of online scanning services is their propensity to retain a large number of private links and URLs referring to private files.

As an independent researcher discovered, examining the history of online scanners such as those mentioned at the beginning, there are explicit references to private resources which should not have been exposed. Among the links found, there are references to files stored in the cloud, to objects that point directly to NAS devices, to shared file servers and information that allows password reset or access via OAuth.

By consulting the “history” of the various scanners available on the Web, the researcher found tax documents, invoices, photos, company communications, private files, video recordings from smart home devices and much more.

The problem of personal resources scattered to the four winds: whose responsibility is it?

The author of the research on the behavior of online scanning services correctly observes that the terms and conditions of use exempt suppliers from any responsibility. The absence of mechanisms for the automatic review and removal of links referring to reserved resources contributes to a problem that is certainly of considerable importance.

Tools like Urlscan Pro offer broader access to scan results, but this raises concerns about privacy and security management. Sharing confidential information would in fact require careful verification of the user's identity. The risk is that a person, even unknowingly, comes across data published online that should have been kept with the utmost care.

Both Urlscan and Hybrid Analysis offer options to report and remove URLs that reference sensitive data. However, the process can be complex and may not lead to a complete resolution of the problem.

The presence of “Reserved URLs” scattered to the four winds seems to be an increasingly current challenge in the world of cybersecurity. Some “bounty hunters” often carry out massive scans online and then inform companies about the data that is accessible online and which should instead remain “secret”.

Then there is the problem of individual responsibility: anyone who shares confidential information online without having the right to do so is acting illegally, even if they unwisely fail to realize that those same private files could become publicly visible.

Use online scanners but… carefully

Platforms designed to analyze online threats, verify URLs, and provide user safety insights are truly valuable tools. As a general tip, however, they should never be used to request scanning of content that is and should remain personal.

  1. urlscan.io: an online service that offers advanced tools for URL crawling. This platform allows users to perform deep scans of specific URLs, collecting detailed website data and identifying potential threats. urlscan.io uses a variety of scanning tools and engines to deeply examine the behavior of a remote URL, detecting suspicious activity such as phishing, malware or other security threats.
  2. Hybrid Analysis: a tool that focuses on dynamic analysis of malware. It allows users to check any suspicious files or URLs to identify malicious behavior. Through the use of sandboxes and advanced tools, Hybrid Analysis provides detailed information on the actions taken by files or URLs while they are loaded. We talked about Hybrid Analysis in the article containing tips on how to check if a file is infected before even opening it.
  3. Cloudflare Radar URL Scanner: a component of the Cloudflare security suite that focuses on identifying malicious or suspicious URLs. This service takes advantage of Cloudflare’s extensive network to constantly monitor and analyze Web traffic. Using advanced machine learning and threat detection algorithms, the Radar URL Scanner quickly identifies potential risks and helps protect users from phishing, malware, and other online attacks.
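
The advice above, never to submit content that should remain personal, can be enforced with a check that runs before a URL is handed to any public scanner. The following is an added example, not code from the article or from any of the services named; the parameter names, path hints, host suffixes and `example.com` URLs are constructed heuristics covering the link types the researcher found (cloud share links, NAS addresses, password-reset and OAuth URLs).

```python
import ipaddress
import re
from urllib.parse import urlsplit, parse_qsl

# Heuristic lists constructed for this example; extend them for your own services.
SECRET_PARAMS = {"token", "access_token", "id_token", "code", "key", "sig",
                 "signature", "reset_token", "password", "x-amz-signature"}
PATH_HINTS = ("reset", "password", "oauth", "invite")
INTERNAL_SUFFIXES = (".local", ".lan", ".internal")
OPAQUE_SEGMENT = re.compile(r"[A-Za-z0-9]{20,}")


def is_internal_host(host):
    """True for private/loopback IPs and names that only resolve on a local network."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return "." not in host or host.endswith(INTERNAL_SUFFIXES)


def review_url(url):
    """Return the reasons a URL should not go to a public scanner (empty list = none found)."""
    parts = urlsplit(url)
    reasons = []
    if parts.username or parts.password:
        reasons.append("userinfo")
    if is_internal_host(parts.hostname or ""):
        reasons.append("internal-host")
    # OAuth implicit-flow tokens travel in the fragment, so check it as well as the query.
    pairs = parse_qsl(parts.query, keep_blank_values=True) + parse_qsl(parts.fragment)
    for name, _ in pairs:
        if name.lower() in SECRET_PARAMS:
            reasons.append("secret-param:" + name.lower())
    if any(hint in parts.path.lower() for hint in PATH_HINTS):
        reasons.append("sensitive-path")
    # Long mixed letter/digit segments are typical of "anyone with the link" share URLs.
    for seg in parts.path.split("/"):
        if OPAQUE_SEGMENT.fullmatch(seg) and not seg.isalpha() and not seg.isdigit():
            reasons.append("opaque-segment")
            break
    return reasons
```

An empty result only means none of these heuristics matched; a link to a private document can still look entirely ordinary.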

In conclusion

It is not the first time that a spotlight has been shone on the behavior of online scanning services. Already in 2022 we highlighted how crucial it is to prevent the uploading of personal data to online anti-malware scanning services, because it could be seen by everyone.

The analysis just published confirms that nothing has changed compared to two years ago and that the problem still remains very topical today.

Opening image credit: iStock.com – Feodora Chiosea
