Google Home and Chromecast devices could be giving away your location

Google Home and Chromecast GPS location leak [Fix Incoming]

Google to Fix Location Data Leak in Google Home, Chromecast

'The attack content could be contained within malicious advertisements or even a tweet'. In many cases, IP geolocation offers only a general idea of where the IP address may be based geographically.

According to the source link below, Google is apparently planning on rolling out "an update to address the privacy leak in both devices".

The difference between this method and basic IP geolocation, he notes, is precision. It is common for networks to work with Internet Protocol (IP) addresses within the network, and that includes location information which is in most cases imprecise (region or area only). For my home Internet connection, the IP geolocation is only accurate to about 3 miles. "With my attack demo however, I've been consistently getting locations within about 10 meters of the device". In his own testing, Young said the data he pulled accurately pinpointed his house.

"I've only tested this in three environments so far, but in each case the location corresponds to the right street address", Young said.

The trick, Young said, is made possible my analyzing signal strengths for surrounding Wi-Fi networks and then triangulating a position based on mapped Wi-Fi access points.

Google collects information about the precise location of your Wi-Fi router so it can pinpoint your position without a Global Positioning System signal.

The bug in these devices essentially allows any website to see nearby wireless connections and cross-reference with Google's database to determine the precise location of the user. As Young says, you can be blackmailed, have extortion campaigns run against yourself. “Threats to release compromising photos or expose some secret to friends and family could use this to lend credibility to the warnings and increase their odds of success, ” he said.

England's cricketers set one-day record against Australia
With a 2-0 lead in the series, England will go for the kill and emphasize their status as the World no 1 side in ODI cricket. Hales eventually holed out for 147 on his Nottinghamshire home ground after opener Jonny Bairstow had made 139.

The issue was identified by Tripwire VERT's Craig Young earlier this month and reported to Google well in advance of any public release. Now, the company plans to push an update to Google Home and Chromecast devices in mid-July which should fix the problem.

The OnePlus 6 might be the flawless Pixel alternative, but it also features a serious security flaw that thankfully will be fixed in a software update, reported XDA Developers.

The issue is that Home and Chromecasts don't require authentication for commands that come over your local network. "If you have a device and it allows you to do something without a password, it's very likely that an attacker can do the same using a malicious mobile app or via web pages with DNS binder rebinding, or via some other technique we haven't thought of yet".

A much easier solution is to add another router on the network specifically for connected devices.

The attack can be done remotely as long as the victim is connected to the same network as the device.

The only way to completely mitigate the risk of being tracked by these kinds of devices is to disconnect them, according to Young, although using professional network segmentation or a separate router for connected smart-home items can help thwart attacks.

Latest News