Monday , December 17 2018 Ausdroid » News » Your Google Home and Chromecast can give your location away – but Google is working on a fix

The adoption of smart devices in our homes is growing, and a new report says that if you’re using a Google Home, or even a Chromecast those devices can give someone looking, quite accurate location data.

The report from Craig Young, a researcher with security firm Tripwire, says that the vulnerability stems from an authentication issue on the devices. Young said that because devices rarely require authentication for connections received on a local network, an attacker who gains access is able to request a list of nearby wireless networks from a Chromecast or Google Home on a network, and then send a request with that information to Google’s geolocation lookup services.

In an interview with website Krebs on Security, Young told them

An attacker can be completely remote as long as they can get the victim to open a link while connected to the same Wi-Fi or wired network as a Google Chromecast or Home device. The only real limitation is that the link needs to remain open for about a minute before the attacker has a location. The attack content could be contained within malicious advertisements or even a tweet.

The good news is that Google is working on a fix for this – although they almost weren’t with Young saying that when he first reported the issue to Google in May, the bug report was marked as ‘Won’t Fix (Intended Behavior)’. Google has since re-considered and has advised that there will be an update to fix the issue coming next month.

At this stage the vulnerability doesn’t appear to have been used in the wild, but Young does recommend that any IoT devices on your network be on a separate network to your computer.

Source: TripWire.
Via: Krebs on Security.

Daniel Tyson   Ausdroid's Editor in Chief

Dan is a die-hard Android fan. Some might even call him a lunatic. He's been an Android user since Android was a thing, and if there's a phone that's run Android, chances are he owns it (his Nexus collection is second-to-none) or has used it.

Dan's dedication to Ausdroid is without question, and he has represented us at some of the biggest international events in our industry including Google I/O, Mobile World Congress, CES and IFA.

Join the Ausdroid Conversation

Notify of

Check Also

Alcatel celebrates 2018 and looks to 2019, including a deeper connection to the Rabbitohs

Alcatel’s sponsorship of the South Sydney Rabbitohs is a key component of its involvement with …