Moneycontrol PRO
LAMF
LAMF

Google Home and Chromecast location bug to be fixed soon

A simple script can be run in the background that collects precise location data of users who have Google Home or Chromecast installed on their local network.
June 20, 2018 / 23:01 IST

Google will fix a vulnerability that exposes users' precise physical location of devices such as Google Home and Chromecast.

According to Tripwire security researcher, Craig Young New, a simple script can be run in the background that collects precise location data of users who have Google Home or Chromecast installed on their local network.

If a user, opens a link on the same Wi-Fi network for a minute, the devices reveal the location of the user.

Websites generally retain the IP address of all visitors and these can be used with geolocation tools to find the physical address, but such locations are inaccurate and cannot be used by a hacker.

“For example, if I geolocate my IP address right now, I get a location that is roughly 2 miles from my current location at work. For my home Internet connection, the IP geolocation is only accurate to about 3 miles. With my attack demo however, I’ve been consistently getting locations within about 10 meters of the device,” Young said in an interview with KrebsonSecurity.

Google Home and Chromecast generally use Google Cloud, but certain functions like setting a device's name are done through a local HTTP server, this is where there can be intrusions.

Young claimed that he managed to hijack the screen attached to a Chromecast as well.

Invite your friends and family to sign up for MC Tech 3, our daily newsletter that breaks down the biggest tech and startup stories of the day

Moneycontrol News

Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!

Subscribe to Tech Newsletters

  • On Saturdays

    Find the best of Al News in one place, specially curated for you every weekend.

  • Daily-Weekdays

    Stay on top of the latest tech trends and biggest startup news.

Advisory Alert:

It has come to our attention that certain individuals are representing themselves as affiliates of Moneycontrol and soliciting funds on the false promise of assured returns on their investments. We wish to reiterate that Moneycontrol does not solicit funds from investors and neither does it promise any assured returns. In case you are approached by anyone making such claims, please write to us at grievanceofficer@nw18.com or call on 02268882347