Skip to main content

Fix upcoming for Google Home, Chromecast bug that can tattle on your location

GoogleFindMyHomeDemo

Your trusty Google Home speaker may not be all that trustworthy after all — at least, not for now. Security researcher Craig Young from the firm Tripwire has discovered a bug that allows both the Google Home and the Google Chromecast TV stick to share user location, which needless to say is less than ideal. Apparently, the bug works by exploiting a loophole, and results in cross-checking the wireless networks in the vicinity with Google’s exacting geolocation services.

But don’t worry — this vulnerability won’t be present for long. On Monday, June 18, security expert Brian Krebs reported that Google will fix the location privacy leak “in the coming weeks.” And not a moment too soon — exploiting the bug is apparently quite straightforward, and requires attackers to simply run a script in the background in order to collect location data on anyone with a Google Home or Chromecast installed on their local network. The attacker wouldn’t even need to be connected to your network; they would only need to send you a malicious link, and for you to keep that link open for about a minute while they triangulated your position.

“I’ve only tested this in three environments so far, but in each case the location corresponds to the right street address,” Young told Krebs. “The Wi-Fi based geolocation works by triangulating a position based on signal strengths to Wi-Fi access points with known locations based on reporting from people’s phones.” Although IP-based geolocation is only accurate to about three miles around the compromised device, the method that Young has discovered actually delivers location data to an accuracy of about 30 feet. Young has even produced a demo of the bug in action, which you can check out in the above video.

Krebs notes that Google only agreed to address the issue after he contacted them and informed the team that he would be publishing a piece about the problem. In fact, Young had previously made contact with Google, but the tech giant refused to issue a patch, noting that the geolocation feature was “intended behavior.” Clearly, Google has changed its tune, and now, the fix should go live in mid-July.

Editors' Recommendations

Lulu Chang
Former Digital Trends Contributor
Fascinated by the effects of technology on human interaction, Lulu believes that if her parents can use your new app…
Google Home adds support for Nest Cam Indoor
A cartoon depiction of the Google Home app and Nest Cam Indoor.

Google Home is continuing to expand its roster, with Google today adding support for the Nest Cam Indoor (1st Gen). This allows you to manage all aspects of your camera, such as checking your notification history and accessing your camera feed.

There’s a bit of a catch, as support for Nest Cam Indoor is only available in Public Preview. To join Public Preview and gain early access to the feature, you’ll need to dive into the Settings on your Home app and select Join Public Preview. You’ll then get a prompt to update Public Preview -- accept this invitation, and you’ll see another prompt letting you know when you’re eligible to transfer your camera to Google Home.

Read more
The best Google Home tips, tricks, and Easter eggs
google home tips and tricks top

Google Home is one of the best smart home platforms of 2023. Some of its benefits are obvious -- such as being able to dish out voice commands or check in on all your gadgets in one location using the smartphone app -- but others are a bit more obscure. In fact, some of the best Google Home features can’t be found without a bit of digging.

To help you get the most out of Google Home, here’s a long list of tips, tricks, and even a few Easter eggs to maximize the system’s potential. Whether you’re looking to easily connect all your smart home gadgets or just want a funny trick to show off at your next party, there’s bound to be something you didn’t know about Google Home listed below.
'Hey, Google'

Read more
Wildfire smoke prompts Google to issue work-from-home advisory
google-office

Google has told its employees in the northeast of the U.S. to work from home in order to limit their exposure to smoke drifting in from hundreds of wildfires in Canada.

Dramatic news images of New York City disappearing in a smoky haze on Wednesday showed the extent of the dire air quality as fires in eastern Canada continue to burn. Data later revealed that the air quality in the metropolis on Wednesday was the worst of any city globally.

Read more