Google to shut down location revealing Chromecast and Google Home bug… in a month

0
249

Google Chromecast Ultra 1

  • A security firm has found a vulnerability in Chromecast and Google Home devices that could let attackers find the location of their users.
  • The attack can be done remotely as long as the victim is connected to the same network as the device.
  • Google is expected to release a fix for the bug in mid-July.

Google has reportedly promised to fix a vulnerability in its Chromecast devices and Google Home speakers that could let attackers discover the location of users. According to Krebs on Security (via The Verge), Google will fix the problem with an update in mid-July.

The attack itself was found by security researcher Craig Young of security firm Tripwire. Attackers can exploit security weaknesses in Chromecasts and Google home speakers to get a list of nearby wireless networks. These can then be cross-checked using Google’s location services to get an accurate location.

Editor’s Pick

related article

OnePlus 6 security flaw lets anyone bypass its locked bootloader, but a fix is on the way

The OnePlus 6 might be the perfect Pixel alternative, but it also features a serious security flaw that thankfully will be fixed in a software update, reported XDA Developers.
According to Edge Security LLC president and XDA …

In testing, Young said he was able to consistently get a position within 10 meters of the device. This compares to a location two miles away when he tried to geolocate his IP address.

Young also said the attack can be done completely remotely as long as the attacker can get the victim to open a malicious link while connected to the same network as the device. The link would then need to stay open for around a minute. You can see how quickly it can be achieved in the video below.

Editor’s Pick

related article

What is a blockchain? – Gary Explains

If you have heard of Bitcoin or any of the other cryptocurrencies, then you have probably heard the word blockchain or the term "blockchain technology". But what is a blockchain? How does it apply to …

Young pointed out that the attack opens up the possibility of more realistic phishing or extortion attempts. While many people are used to anonymous — and often unspecific — email scams, attackers could use precise location information to make them all-the-more convincing (and dangerous).

It’s common advice but it’s worth saying again: avoid opening links you don’t understand or trust when you’re online. If you want to know more about IoT security, then you can check out our guide by clicking here.

Next up: Google Home Chromecast support – how it works, and what you need

via Android Authority

June 19, 2018 at 01:15AM