+ Wednesday August 21st, 2019

The adoption of smart devices in our homes is growing, and a new report says that if you’re using a Google Home, or even a Chromecast those devices can give someone looking, quite accurate location data.

The report from Craig Young, a researcher with security firm Tripwire, says that the vulnerability stems from an authentication issue on the devices. Young said that because devices rarely require authentication for connections received on a local network, an attacker who gains access is able to request a list of nearby wireless networks from a Chromecast or Google Home on a network, and then send a request with that information to Google’s geolocation lookup services.

In an interview with website Krebs on Security, Young told them

An attacker can be completely remote as long as they can get the victim to open a link while connected to the same Wi-Fi or wired network as a Google Chromecast or Home device. The only real limitation is that the link needs to remain open for about a minute before the attacker has a location. The attack content could be contained within malicious advertisements or even a tweet.

The good news is that Google is working on a fix for this – although they almost weren’t with Young saying that when he first reported the issue to Google in May, the bug report was marked as ‘Won’t Fix (Intended Behavior)’. Google has since re-considered and has advised that there will be an update to fix the issue coming next month.

At this stage the vulnerability doesn’t appear to have been used in the wild, but Young does recommend that any IoT devices on your network be on a separate network to your computer.

Source: TripWire.
Via: Krebs on Security.

Daniel Tyson  


Dan is a die-hard Android fan. Some might even call him a lunatic. He's been an Android user since Android was a thing, and if there's a phone that's run Android, chances are he owns it (his Nexus collection is second-to-none) or has used it.

Dan's dedication to Ausdroid is without question, and he has represented us at some of the biggest international events in our industry including Google I/O, Mobile World Congress, CES and IFA.

Join the Ausdroid Conversation

Notify of

Check Also

Google Go is a lightweight but powerful search app, now available everywhere

There are a lot of entry-level phones in the market place and these entry-level phones …