Search results for

All search results
Best daily deals

Affiliate links on Android Authority may earn us a commission. Learn more.

Google to shut down location revealing Chromecast and Google Home bug... in a month

Security researchers have discovered they can locate a Chromecast or Google Home to within a chilling ten meters of its actual location.

Published onJune 19, 2018

Google Chromecast Ultra 1
  • A security firm has found a vulnerability in Chromecast and Google Home devices that could let attackers find the location of their users.
  • The attack can be done remotely as long as the victim is connected to the same network as the device.
  • Google is expected to release a fix for the bug in mid-July.

Google has reportedly promised to fix a vulnerability in its Chromecast devices and Google Home speakers that could let attackers discover the location of users. According to Krebs on Security (via The Verge), Google will fix the problem with an update in mid-July.

The attack itself was found by security researcher Craig Young of security firm Tripwire. Attackers can exploit security weaknesses in Chromecasts and Google home speakers to get a list of nearby wireless networks. These can then be cross-checked using Google’s location services to get an accurate location.

OnePlus 6 security flaw lets anyone bypass its locked bootloader, but a fix is on the way
An image of the OnePlus 6 held out in a person's left hand with the screen on.

In testing, Young said he was able to consistently get a position within 10 meters of the device. This compares to a location two miles away when he tried to geolocate his IP address.

Young also said the attack can be done completely remotely as long as the attacker can get the victim to open a malicious link while connected to the same network as the device. The link would then need to stay open for around a minute. You can see how quickly it can be achieved in the video below.

What is blockchain technology and how does it work?
bitcoin lightning network

Young pointed out that the attack opens up the possibility of more realistic phishing or extortion attempts. While many people are used to anonymous — and often unspecific — email scams, attackers could use precise location information to make them all-the-more convincing (and dangerous).

It’s common advice but it’s worth saying again: avoid opening links you don’t understand or trust when you’re online. If you want to know more about IoT security, then you can check out our guide by clicking here.

Next up: Google Home Chromecast support – how it works, and what you need

You might like