Albert Health Google Cloud Service Account Key Exposure Vulnerability

Vulnerability

A vulnerability exists in the Android application Albert Health in versions up to 1.7.3. It affects an unknown function of the file resources/assets/service-account.json, which is part of the Google Cloud Service Account Key Handler component. The application embeds a full Google Cloud service account key file, so the credentials are stored unprotected and can be extracted through reverse engineering. Exploitation could lead to unauthorized access to Google Cloud resources, such as project listings and Cloud Storage files.

Impact

Exploitation of this vulnerability allows for unauthorized access to Google Cloud Platform using the extracted service account credentials. This includes access to cloud resources like project listings and Cloud Storage buckets, where files can be read, downloaded, uploaded, and more.

Reproduction

The vulnerability can be reproduced by downloading the Albert Health application version 1.7.3 on Android. Once installed, the application can be reverse-engineered to access the embedded Google Cloud service account key file located in the assets directory. This file can then be used to authenticate to Google Cloud Platform and gain access to various cloud resources.
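
A release-pipeline check for the condition described above, as an added example that is not part of the original advisory or the vendor's code: it scans an APK (a ZIP archive) for any entry that parses as a Google Cloud service account key file. The sample archive, its entry names and all key field values are constructed for illustration.

```python
import io
import json
import zipfile

# Fields that together identify a Google Cloud service account key file.
KEY_FIELDS = {"type", "project_id", "private_key_id", "private_key", "client_email"}


def find_service_account_keys(apk):
    """Return [(entry_name, client_email)] for each key file; apk is a path or file object."""
    findings = []
    with zipfile.ZipFile(apk) as archive:
        for info in archive.infolist():
            # Key files are small JSON documents; skip directories and large blobs.
            if info.is_dir() or info.file_size > 64 * 1024:
                continue
            try:
                doc = json.loads(archive.read(info).decode("utf-8"))
            except (UnicodeDecodeError, ValueError):
                continue  # not JSON text
            if (isinstance(doc, dict) and KEY_FIELDS.issubset(doc)
                    and doc.get("type") == "service_account"):
                findings.append((info.filename, doc["client_email"]))
    return findings


def build_sample_apk(with_key):
    """Constructed in-memory archive standing in for a release APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00")  # binary, not JSON
        z.writestr("assets/config.json", json.dumps({"type": "settings"}))
        if with_key:
            z.writestr("assets/service-account.json", json.dumps({
                "type": "service_account",
                "project_id": "example-project",          # constructed value
                "private_key_id": "0000",                 # constructed value
                "private_key": "PLACEHOLDER-NOT-A-KEY",   # constructed value
                "client_email": "svc@example-project.iam.gserviceaccount.com",
            }))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, email in find_service_account_keys(build_sample_apk(True)):
        print(f"FAIL: embedded service account key {name} ({email})")
```

Matching on the key file's fields rather than its file name means a renamed or relocated key is still reported; a non-empty result should fail the build before the APK is published.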

Added: Mar 16, 2026, 4:22 PM
Updated: Mar 16, 2026, 4:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.0
exploitability: 4.2
remediation: 0.0
relevance: 4.0
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.