A security researcher from Portland, Oregon has uncovered a bug in Google Home and Chromecast that could potentially be used by cybercriminals to blackmail users.
The devices’ security flaw supposedly allows hackers to access information about the precise location of a particular Wi-Fi router via malicious links spread through social media or emails.
Hackers only need access to vulnerable computers connected to the same router as the Google devices.
Once in the system, they can retrieve the user’s location through the Google Home or Chromecast devices.
Craig Young, the researcher who discovered the flaw, said that the location could be accurate to within several feet of the device’s exact position.
This allows cybercriminals to make fraudulent messages more convincing by including information the victim has stored in their accounts.
The Google devices’ security flaw could potentially expose more than just the victim’s location.
It could also include fake phone calls from the IRS or similar entities, or ask for cash with claims that they have webcam footage of the victim.
For its part, Google said it plans to release an update to fix the security issue in the coming weeks.
Google obtains your Internet router’s location data so it can pinpoint your position without a GPS signal, allowing it to use the information on services such as Google Maps.
Young first discovered the flaw in mid-June, when he learned he could gain access to a router’s location data stored in either of the Google devices through another computer connected to the same Internet connection.
According to Young’s report, he was able to extract data from the devices to determine the physical location of the devices with “astonishing accuracy”.
In an experiment to test the security flaw, Young created a website with malware that could remotely infect a computer and retrieve location data stored on Google devices in its proximity.
Links to the website could easily be spread via email, social media, and malicious online ads – allowing supposed hackers to access the devices and their information once the link is clicked.
Users could easily be affected by the bug through compromised links on social media or malicious emails.
The security flaw in Google Home and Chromecast allows requests for the location of the router with the required authentication.
In the experiment he ran, Young discovered he could see the exact location of his home router via his vulnerable Chromecast gadget.
He also learned that the bug affects both Windows and Mac computers, could be applied through Mozilla Firefox or Google Chrome, and could potentially be done remotely from almost any location.
Young added that the only “limitation is that the link needs to remain open for about a minute before the attack has a location.”
As cybercriminals discover or produce newer ways to infiltrate our systems, it is only smart to invest in reliable protection for your smart home and devices.
Trend Micro Home Network Security does just that, allowing you to manage and control your family’s devices at the same time.