Google Home and Chromecast devices could be giving away your location

Google Home and Chromecast devices could be giving away your location

Google Home and Chromecast devices could be giving away your location

'The attack content could be contained within malicious advertisements or even a tweet'. In many cases, IP geolocation offers only a general idea of where the IP address may be based geographically.

According to the source link below, Google is apparently planning on rolling out "an update to address the privacy leak in both devices".

The difference between this method and basic IP geolocation, he notes, is precision. It is common for networks to work with Internet Protocol (IP) addresses within the network, and that includes location information which is in most cases imprecise (region or area only). For my home Internet connection, the IP geolocation is only accurate to about 3 miles. "With my attack demo however, I've been consistently getting locations within about 10 meters of the device". In his own testing, Young said the data he pulled accurately pinpointed his house.

"I've only tested this in three environments so far, but in each case the location corresponds to the right street address", Young said.

The trick, Young said, is made possible my analyzing signal strengths for surrounding Wi-Fi networks and then triangulating a position based on mapped Wi-Fi access points.

Google collects information about the precise location of your Wi-Fi router so it can pinpoint your position without a Global Positioning System signal.

The bug in these devices essentially allows any website to see nearby wireless connections and cross-reference with Google's database to determine the precise location of the user. As Young says, you can be blackmailed, have extortion campaigns run against yourself. “Threats to release compromising photos or expose some secret to friends and family could use this to lend credibility to the warnings and increase their odds of success, ” he said.

Ceiling collapses onto busy escalator
Tourist in China got an unexpected surprise when the ceiling collapsed onto a packed escalator, and it was all caught on camera. Officials did not disclose the extent of the injuries, and are investigating what caused the decoration to come crashing down.

The issue was identified by Tripwire VERT's Craig Young earlier this month and reported to Google well in advance of any public release. Now, the company plans to push an update to Google Home and Chromecast devices in mid-July which should fix the problem.

The OnePlus 6 might be the flawless Pixel alternative, but it also features a serious security flaw that thankfully will be fixed in a software update, reported XDA Developers.

The issue is that Home and Chromecasts don't require authentication for commands that come over your local network. "If you have a device and it allows you to do something without a password, it's very likely that an attacker can do the same using a malicious mobile app or via web pages with DNS binder rebinding, or via some other technique we haven't thought of yet".

A much easier solution is to add another router on the network specifically for connected devices.

The attack can be done remotely as long as the victim is connected to the same network as the device.

The only way to completely mitigate the risk of being tracked by these kinds of devices is to disconnect them, according to Young, although using professional network segmentation or a separate router for connected smart-home items can help thwart attacks.

Latest News