Deleted Google API Keys Continue Functioning for Nearly 25 Minutes After Removal
Recent cybersecurity research has uncovered a critical vulnerability in Google’s API key management system. According to findings by Aikido Security, deleted Google API keys remain active for up to 23 minutes after removal, creating potential security risks for applications relying on Google services like Maps and Gemini AI.
About the Role
This cybersecurity research highlights ongoing vulnerabilities in cloud API management that require immediate attention. The findings demonstrate how leaked API keys could allow attackers to make unauthorized calls, incur unexpected charges, and potentially access sensitive data through Gemini AI integrations. The research underscores the need for robust API security protocols in modern cloud environments.
Key Responsibilities
- Investigate API key persistence vulnerabilities in major cloud platforms
- Analyze authentication delays during key revocation processes
- Document security risks associated with cached API authentications
- Develop mitigation strategies for enterprises using Google Cloud services
- Collaborate with security teams to implement immediate protective measures
- Publish findings through proper disclosure channels
- Monitor for similar vulnerabilities across other cloud providers
Requirements
- Proven experience in cloud security research or API vulnerability testing
- Deep understanding of Google Cloud Platform authentication mechanisms
- Familiarity with OAuth 2.0 and API key management systems
- Ability to replicate and document security flaws in controlled environments
- Knowledge of cybersecurity disclosure best practices
- Strong analytical skills for identifying attack vectors
Compensation & Benefits
While specific compensation details aren’t provided, research roles in cloud security typically offer competitive packages including health benefits, professional development opportunities, and flexible work arrangements.
How to Apply
Interested cybersecurity professionals can learn more about this research and related opportunities by using the Apply button above, which directs to the original security advisory.
For those exploring similar roles, NetworkUstad features several relevant cybersecurity positions: