Google will fix a vulnerability that exposes users' precise physical location of devices such as Google Home and Chromecast.
According to Tripwire security researcher, Craig Young New, a simple script can be run in the background that collects precise location data of users who have Google Home or Chromecast installed on their local network.
If a user, opens a link on the same Wi-Fi network for a minute, the devices reveal the location of the user.
Websites generally retain the IP address of all visitors and these can be used with geolocation tools to find the physical address, but such locations are inaccurate and cannot be used by a hacker.
“For example, if I geolocate my IP address right now, I get a location that is roughly 2 miles from my current location at work. For my home Internet connection, the IP geolocation is only accurate to about 3 miles. With my attack demo however, I’ve been consistently getting locations within about 10 meters of the device,” Young said in an interview with KrebsonSecurity.
Google Home and Chromecast generally use Google Cloud, but certain functions like setting a device's name are done through a local HTTP server, this is where there can be intrusions.
Young claimed that he managed to hijack the screen attached to a Chromecast as well.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
