The tech giant, Google will soon fix the location data leak issue that gathers information about user’s current location having Google Chromecast installed anywhere near them. The websites run a small program in the background that enables the device to record user’s location information.
Craig Young, a security expert at Tripwire came across this verification weakness that leaks precise location information of the user. Chromecast or Google Home doesn’t need an authentication or verification while connecting it with other local networks. This is the reason where the main issue lies.
To elaborate on this issue, Young equipped attack software that allows Chromecast to scan all the nearby network devices. Once the devices are scanned, victim’s current location is tracked by incorporating the list to Google’s location services.
Young said, “An attacker can be far away as long as they get a victim who opens the malicious link and gets connected to the same Wi-Fi network of the Google Chrome.” “The limitation of this device is that the link should remain open for one minute before the attacker gets victim’s location. The content hacked by the attacker can contain malicious data or ads”, he further added.
Obtaining location information through Wi-Fi networks is riskier than obtaining it through an IP address. Websites keep the track of Internet protocol addresses of all the visitors. But the information obtained using the combination of IP addresses and geolocation tools is quite vague.
The device created by Young is quite appropriate. It can tell the exact distance between the device located in the kitchen and the other located in the basement. He said, “The geolocation based on Wi-Fi works by triangulating a position on the basis of signal strength to the Wi-Fi access points based on user’s current location.”
The impact of this vulnerability doesn’t limit to location data leak. Rather, you can be blackmailed and coercion crusades can be run against the victim. Initially, Google did not respond to Young ‘s research findings. It ignored him by replying, “Status: Won’t Fix” message. But, when another security researcher team, KrebsOnSecurity reported the same issue, the company promised to look into the matter and fix the issues from both the devices. The new update will be released soon, says the tech giant.
KrebsOnSecurity gave some security tips for security devices that run on Internet Of Things. All you need to do is create your own Intranet Of Things but partitioning the IoT devices from the local networks. This allows the other devices to rest completely on a different network and keeps your devices that you use to browse files and internet safety.
Another way to keep your devices secured is to augment another router on the network to all the other connected devices, Young concludes.