Privacy leak found in Google Home and Chromecast
That allows hackers to pinpoint your precise location 😳
Posted on June 18, 2018 11:04 PM.
Krebs On SecurityBrian Krebs
Google in the coming weeks is expected to fix a location privacy leak in two of its most popular consumer products. New research shows that Web sites can run a simple script in the background that collects precise location data on people who have a Google Home or Chromecast device installed anywhere on their local network.
The VergeNick Statt
Essentially, by using the location gleaned by nearby Wi-Fi networks through a Google Home or Chromecast, a malicious website can triangulate a user’s location. And because those devices rarely require authentication from third parties to receive data on local networks, bad actors could exploit the generous permissions to collect that sensitive data.
While normal websites can track you with your IP address, which can determine your location within a couple miles, Google's devices like every WiFi around the world to help triangulate your position, similar to how your phone's location can be triangulated using cell towers. This method yields much higher accuracy, and can determine your device's position within 30 feet 😳 Despite sounding somewhat harmless, the vulnerability could allow added legitimacy to phishing campaigns, or allow blackmailers to find your exact address.
To be clear, this isn’t an exploit that requires the attacker to be on the same network as you. It simply requires that you click a link and leave that page open for about a minute to actually obtain the location data. Given enough content on the page, that’s not too tall an order.
A security researcher contacted Google about the vulnerability, and while originally marked as intended behavior, Google has since changed their position. A fix is expected to be delivered in July.
Until then, we'll be disconnecting our devices 😅
Interested in product and tech related news? Check out the Sip News app by Product Hunt. Every weekday, Sip surfaces the most exciting and essential tech stories of the day. You can download it now for iOS or Android.
Sip News Summaries
The most important tech stories, curated daily.