Express Computer

Tenable Research Identifies Critical ‘LookOut’ Vulnerabilities in Google Looker

Tenable Research has uncovered two critical vulnerabilities, collectively named “LookOut”, in Google Looker, a widely used business intelligence and analytics platform deployed by more than 60,000 organisations across 195 countries.

The most severe finding is a remote code execution (RCE) chain that could allow attackers to execute arbitrary commands on a Looker server, effectively granting full administrative control. Exploitation of this vulnerability could enable threat actors to steal sensitive credentials, manipulate analytics data, or move laterally into an organisation’s internal network. In cloud-based deployments, the flaw could potentially expose systems to cross-tenant access risks.

“This level of access is particularly dangerous because Looker often acts as the central nervous system for corporate data,” said Liv Matan, Senior Research Engineer at Tenable, who led the research. “A successful breach could allow attackers not only to manipulate business-critical data but also to pivot deeper into an organisation’s private internal environment.”

Theft of the internal management database is also possible.

The second vulnerability enables the complete extraction of Looker’s internal management database. By coercing the platform into connecting to its own internal database, Tenable researchers demonstrated how attackers could exfiltrate sensitive information, including user credentials, configuration data and internal secrets, using advanced data-extraction techniques.

While Google has already mitigated these issues for customers using its managed Looker cloud service, the risk remains significant for organisations running self-hosted or on-premises Looker deployments. These customers are responsible for manually applying the required security patches and hardening their environments to prevent potential administrative compromise.

“Securing platforms like Looker is inherently challenging because they provide powerful capabilities such as SQL execution and indirect interaction with the underlying file system,” Matan added. “However, given the sensitivity of the data these systems manage, ensuring architectural security is critical.”

Guidance for security teams

To detect potential exploitation attempts, Tenable advises administrators to monitor for specific indicators of compromise, including:

  • Unexpected or unauthorised files within the .git/hooks/ directory of Looker project folders, particularly scripts named pre-push, post-commit, or applypatch-msg
  • Application logs showing unusual SQL errors or patterns consistent with error-based SQL injection attempts, especially those targeting internal Looker database connections such as looker__ilooker
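
One way to check for both indicators on a self-hosted instance, as an added example that is not from Tenable or Google. The projects root and log file are passed in by the operator because the page gives neither location, and no log format is assumed beyond plain text lines.

```python
import os
import stat
import sys

# Hook names and internal connection name quoted in the guidance above.
NAMED_HOOKS = {"pre-push", "post-commit", "applypatch-msg"}
INTERNAL_CONN = "looker__ilooker"


def scan_git_hooks(projects_root):
    """Return (path, severity, executable) for each non-sample file in a .git/hooks dir."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(projects_root):
        parent = os.path.basename(os.path.dirname(dirpath))
        if os.path.basename(dirpath) != "hooks" or parent != ".git":
            continue
        for name in sorted(filenames):
            if name.endswith(".sample"):  # inactive templates that git itself installs
                continue
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode  # lstat: do not follow symlinks
            severity = "high" if name in NAMED_HOOKS else "review"
            findings.append((path, severity, bool(mode & stat.S_IXUSR)))
    return findings


def internal_conn_hits(log_lines):
    """Return (line_number, has_error, text) for lines naming the internal connection."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        if INTERNAL_CONN in line:
            hits.append((number, "error" in line.lower(), line.rstrip("\n")))
    return hits


if __name__ == "__main__":
    # Usage: python lookout_check.py <projects_root> [<log_file>]  (paths are operator-supplied)
    if len(sys.argv) < 2:
        sys.exit("usage: lookout_check.py <projects_root> [<log_file>]")
    for path, severity, executable in scan_git_hooks(sys.argv[1]):
        print(f"[{severity}] {path} executable={executable}")
    if len(sys.argv) > 2:
        with open(sys.argv[2], errors="replace") as handle:
            for number, has_error, text in internal_conn_hits(handle):
                print(f"[log:{number}] error={has_error} {text}")
```

Hooks flagged "review" are not named in the guidance but are still active hook files, so each one should be matched against a known, intended change before being dismissed.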