Information technology and information security training experts have found a strange and maybe dangerous flaw in the privacy of these devices that could filter their location to potential attackers.
In simple terms, this failure would allow web sites to gather the exact geographical location of users of these devices, executing a malicious script. Google, on the other hand, declares itself aware of this situation and is committed to solving it in the following weeks.
According to specialists in information security training from the International Institute of Cyber Security, this failure represents a serious threat to the user’s security because, unlike the location of IP address, this provides people’s exact localization.
This flaw is related to the method that these devices use to interact with nearby wireless networks without any authentication, such as naming devices or configuring a WiFi network.
For example, if an attacker decides to exploit this flaw, he does not need to be physically close to the user, the attacker only requires that the victim keep a website open long enough while they are connected on the same network as their Google Chromecast or Google Home.
A hacker can keep remote distance while complying with the above; the only limiting is that the site should remain open for about a minute, so the hacker can find the location of the victim.
According to Google reports, millions of people around the world use Chromecast and Home, implying that millions are exposed to these attacks. This is not the first time that Google Home triggers an alarm for a similar reason; According to specialists in information security training, the Google Home Mini device has been discovered recording the conversations of its users because of “touch panel flaws”.