Google will fix a new bug found in its Chromecast TV streaming service and Google Home speakers. The vulnerability, first spotted by Tripwire security analyst Craig Young, discloses the location of Chromecast and Google Home users. In addition, a report from The Verge, quoting security reporter Brian Krebs, claims that Google could provide a fix through an update slated for mid-July.
According to Young, the vulnerability allows attackers to exploit security flaws in Chromecast and Google Home speakers and use them to find nearby Wi-Fi servers. Hackers can then cross-check these connections via Google Maps to pinpoint their location. While investigating the nature of the flaw, Young found in his tests that it could determine a position within 10 metres of these devices. Even through geolocation, he was able to find the server, located two miles away. Users are vulnerable to the flaw if they open a malicious link while the attacker remains connected to the Wi-Fi server. In this way, locations can be disclosed within a minute.
Google’s geolocation services, combined with the lack of third-party authentication needed by Chromecast or Google Home, mean that every user of these products is at risk. The flaw can create a bigger risk, as users could receive ransomware or be subjected to phishing attacks. When Craig Young contacted Google about the vulnerability, the company said that geolocation was the ‘intended behaviour’ of these devices. When subsequently reached by Krebs, though, it acknowledged the flaw only after Krebs said he intended to write about it. Google has said that an update slated for mid-July will remove the flaws from Chromecast and Google Home.