Google Chromecast Bug Reveals Your Location

Google ChromeCast
Google ChromeCast
  • Cyber Security researcher Craig Young found Bug in Google Home and Google Chromecast gadgets

  • It allows a cyber-criminal to find your location.

  • Google is expecting to fix in coming weeks.

Security researcher Craig is working with security firm Tripwire Vulnerability and Exposures Research Team (VERT), his research has resulted in numerous CVE assignments and repeated recognition in the Google Application Security Hall of Fame.

The bug works on Linux, Mac and Windows system and could target you through a web browser.

Young added in the blog,

It turns out that although the Home app – which allows users to configure Google Home and Chromecast – performs most actions using Google’s cloud, some tasks are carried out using a local HTTP server. Commands to do things like setting the device name and WiFi connection are sent directly to the device without any form of authentication.

According to CNET report,

Craig could use the web browser on the computer as a stepping stone to reach Chromecast or Google Home smart speaker that was connected to the same router. In the research, he was able to grab information about his own location from his chromecast.

How does it works?

The attacker doesn’t need to connect with your network, they just need to send you malicious link through E-mail with Social Engineering technique, by clicking on the link your location would be shared with a cyber-criminal.

Browser extensions and mobile apps can use their unrestricted network access to directly query the devices without relying on or waiting for a DNS cache refresh. This gives advertisers a direct path to obtain location data without alerting the end-user. The location data can then be correlated with other tracked web activity and possibly tied to a specific real-world identity, Craig added.

The Bug is still not Fixed yet.

We are expecting, Google is going to release a security patch in the next few weeks for its Home devices and Chromecast TV streaming stick.

Watch Video:

For the latest update about Cyber and Infosec World, follow us on Twitter, Facebook, Telegram , Instagram and subscribe to our YouTube Channel.

Subscribe to HackersOnlineClub via Email

Enter your Email address to receive notifications of Latest Posts by Email | Join over Million Followers

More from Priyanshu Sahay

Oracle VirtualBox 6.1 Version Released – Bug Fixes

Oracle VirtualBox 6.1 Version Released with updated Linux Kernel 5.4 and many...
Read More

Leave a Reply