
Fix upcoming for Google Home, Chromecast bug that can tattle on your location

Your trusty Google Home speaker may not be all that trustworthy after all, at least not for now. Security researcher Craig Young from the firm Tripwire has discovered a bug that allows both the Google Home and the Google Chromecast TV stick to share user location, which needless to say is less than ideal. Apparently, the bug exploits a loophole that results in the wireless networks in the device's vicinity being cross-checked against Google’s exacting geolocation services.

But don’t worry — this vulnerability won’t be present for long. On Monday, June 18, security expert Brian Krebs reported that Google will fix the location privacy leak “in the coming weeks.” And not a moment too soon — exploiting the bug is apparently quite straightforward, and requires attackers to simply run a script in the background in order to collect location data on anyone with a Google Home or Chromecast installed on their local network. The attacker wouldn’t even need to be connected to your network; they would only need to send you a malicious link, and for you to keep that link open for about a minute while they triangulated your position.

“I’ve only tested this in three environments so far, but in each case the location corresponds to the right street address,” Young told Krebs. “The Wi-Fi based geolocation works by triangulating a position based on signal strengths to Wi-Fi access points with known locations based on reporting from people’s phones.” Although IP-based geolocation is only accurate to about three miles around the compromised device, the method that Young has discovered actually delivers location data to an accuracy of about 30 feet. Young has even produced a demo of the bug in action, which you can check out in the above video.

Krebs notes that Google only agreed to address the issue after he contacted them and informed the team that he would be publishing a piece about the problem. In fact, Young had previously made contact with Google, but the tech giant refused to issue a patch, noting that the geolocation feature was “intended behavior.” Clearly, Google has changed its tune, and now, the fix should go live in mid-July.
