BOSTON, MASS. and TEL AVIV, ISRAEL, November 28, 2023 – A severe design flaw in Google Workspace’s domain-wide delegation feature discovered by threat hunting experts from Hunters’ Team Axon, can allow attackers to misuse existing delegations, enabling privilege escalation and unauthorized access to Workspace APIs without Super Admin privileges.

This kind of hacking could lead to the theft of emails from Gmail, data from Google Drive, or other illegal activities in the Google Workspace APIs for all users in the target domain. Hunters told Google about this in a responsible way and worked closely with them before putting out this study.

Domain-wide delegation lets Google Cloud Platform (GCP) identity objects and Google Workspace apps delegate all of their tasks. For example, it lets GCP accounts do things on behalf of other Workspace users in Google SaaS apps like Gmail, Google Calendar, Google Drive, and more.

The design flaw, which the Hunters team has named “DeleFriend,” lets attackers change current delegations in GCP and Google Workspace without having the Super Admin role on Workspace, which is needed to make new delegates.

Instead, with less access to a target GCP project, they can make a lot of JSON web tokens (JWTs) with different OAuth scopes. The goal is to find the right mix of private key pairs and authorized OAuth scopes that show the service account has domain-wide delegation turned on.

The main reason for this is that the domain transfer setup is based on the service account resource identifier (OAuth ID), not the private keys that are linked to the service account identity object.

Furthermore, there were no limits put on the fuzzing of JWT pairs at the API level. This means that there are a lot of ways to find and take over current delegations.

This flaw poses a special risk due to potential impact described above and is amplified by the following:

  • Long Life: By default, GCP Service account keys are created without an expiry date. This feature makes them ideal for establishing backdoors and ensuring long-term persistence.
  • Easy to hide: The creation of new service account keys for existing IAMs or, alternatively, the setting of a delegation rule within the API authorization page is easy to conceal. This is because these pages typically host a wide array of legitimate entries, which are not examined thoroughly enough.
  • Awareness: IT and Security departments may not always be cognizant of the domain-wide delegation feature. They might especially be unaware of its potential for malicious abuse.
  • Hard to detect: Since delegated API calls are created on behalf of the target identity, the API calls will be logged with the victim details in the corresponding GWS audit logs. This makes it challenging to identify such activities. 

“The potential consequences of malicious actors misusing domain-wide delegation are severe. Instead of affecting just a single identity, as with individual OAuth consent, exploiting DWD with existing delegation can impact every identity within the Workspace domain,” says Yonatan Khanashvili of Hunters’ Team Axon.

The range of possible actions varies based on the OAuth scopes of the delegation. For instance, email theft from Gmail, data exfiltration from the drive, or monitor meetings from Google Calendar.

In order to execute the attack method, a particular GCP permission is needed on the target Service Accounts. However, Hunters observed that such permission is not an uncommon practice in organizations making this attack technique highly prevalent in organizations that don’t maintain a security posture in their GCP resources. “By adhering to best practices, and managing permissions and resources smartly, organizations can dramatically minimize the impact of the attack method” Khanashvili continued. 

Hunters has created a proof-of-concept tool (full details are included in the full research) to assist organizations in detecting DWD misconfigurations, increasing awareness, and reducing DeleFriend’s exploitation risks. Using this tool, red teams, pen testers, and security researchers can simulate attacks and locate vulnerable attack paths of GCP IAM users to existing delegations in their GCP Projects to evaluate (and then improve) the security risk and posture of their Workspace and GCP environments. 

Hunters’ Team Axon has also compiled comprehensive research that lays out exactly how the vulnerability works as well as recommendations for thorough threat hunting, detection techniques, and best practices for countering domain-wide delegation attacks.

Hunters responsibly reported DeleFriend to Google as part of Google’s “Bug Hunters” program in August, and are collaborating closely with Google’s security and product teams to explore appropriate mitigation strategies. Currently, Google has yet to resolve the design flaw.

Read the full research here, and follow Hunters’ Team Axon on Twitter.

About Hunters

Hunters delivers a Security Operations Center (SOC) Platform that reduces risk, complexity, and cost for security teams. A SIEM alternative, Hunters SOC Platform provides data ingestion, built-in and always up-to-date threat detection, and automated correlation and investigation capabilities, minimizing the time to understand and respond to real threats.

Organizations like, ChargePoint, Yext, Upwork and Cimpress leverage Hunters SOC Platform to empower their security teams. Hunters is backed by leading VCs and strategic investors including Stripes, YL Ventures, DTCP, Cisco Investments, Bessemer Venture Partners, U.S. Venture Partners (USVP), Microsoft’s venture fund M12, Blumberg Capital, Snowflake, Databricks, and Okta.

Yael Macias
[email protected]


Please enter your comment!
Please enter your name here