An IP Address Vulnerability Took Down Some Google Services for 1 Hour
It might have been for just an hour, but some of Google’s services went down on Monday, November 12. The outage was reportedly caused by an improper rerouting of IP addresses, which moved traffic away from the usual ports and toward China and Russia instead, Ars Technica reports.
Though the rerouting that caused the outage is not thought to be malicious, it temporarily impacted Spotify and Google Cloud in the United States. Encrypted traffic relating to Google’s own corporate WAN infrastructure and VPN services was also redirected, but it was not compromised as part of the outage.
Google deems the entire situation “accidental,” according to reports. It was initially caused by a cable company based in Nigeria, which improperly rerouted hundreds of Google-owned IP addresses as its own as part of a planned network upgrade. This eventually led to two other carriers, based in Russia and China, accepting the IP changes. Suspiciously, China Telecom, a provider which was guilty of certain similar IP address re-routes in the past, also accepted the accidental changes and then directed them worldwide.
“We’re aware that a portion of Internet traffic was affected by incorrect routing of IP addresses, and access to some Google services was impacted. The root cause of the issue was external to Google and there was no compromise of Google services,” Google said.
Cloudflare, a Google partner, was also later impacted by a separate IP address misdirection. The changes were part of the same process set by the same Nigerian, Russian, and Chinese cable companies, and they were quickly and automatically reversed. It all still raised serious concerns about the security of the entire IP address routing infrastructure.
“If there was something nefarious afoot there would have been a lot more direct, and potentially less disruptive/detectable, ways to reroute traffic. This was a big, ugly screw up. Intentional route leaks we’ve seen to do things like steal cryptocurrency are typically far more targeted,” Cloudflare CEO Matthew Prince told Ars Technica.
While these changes didn’t last for very long, they still went relatively unnoticed until consumers and customers reported issues. It was reported on Twitter that the IP changes came in five intervals, all of which were corrected within 74 minutes.