Skip to main content
  1. Home
  2. Smart Home
  3. News

Fix upcoming for Google Home, Chromecast bug that can tattle on your location

By
GoogleFindMyHomeDemo

Your trusty Google Home speaker may not be all that trustworthy after all — at least, not for now. Security researcher Craig Young from the firm Tripwire has discovered a bug that allows both the Google Home and the Google Chromecast TV stick to share user location, which needless to say is less than ideal. Apparently, the bug works by exploiting a loophole, and results in cross-checking the wireless networks in the vicinity with Google’s exacting geolocation services.

Recommended Videos

But don’t worry — this vulnerability won’t be present for long. On Monday, June 18, security expert Brian Krebs reported that Google will fix the location privacy leak “in the coming weeks.” And not a moment too soon — exploiting the bug is apparently quite straightforward, and requires attackers to simply run a script in the background in order to collect location data on anyone with a Google Home or Chromecast installed on their local network. The attacker wouldn’t even need to be connected to your network; they would only need to send you a malicious link, and for you to keep that link open for about a minute while they triangulated your position.

“I’ve only tested this in three environments so far, but in each case the location corresponds to the right street address,” Young told Krebs. “The Wi-Fi based geolocation works by triangulating a position based on signal strengths to Wi-Fi access points with known locations based on reporting from people’s phones.” Although IP-based geolocation is only accurate to about three miles around the compromised device, the method that Young has discovered actually delivers location data to an accuracy of about 30 feet. Young has even produced a demo of the bug in action, which you can check out in the above video.

Krebs notes that Google only agreed to address the issue after he contacted them and informed the team that he would be publishing a piece about the problem. In fact, Young had previously made contact with Google, but the tech giant refused to issue a patch, noting that the geolocation feature was “intended behavior.” Clearly, Google has changed its tune, and now, the fix should go live in mid-July.

Editors’ Recommendations

Topics
Lulu Chang
Lulu Chang
Former Digital Trends Contributor
Fascinated by the effects of technology on human interaction, Lulu believes that if her parents can use your new app…
Nest Secure will be discontinued in April – prepare your smart home with these steps
Nest Secure Review

Google is dropping support for Nest Secure on April 8, at which time users will see a complete shutdown of its features. Whether you're using it as a bridge for your smart lock or as a home security system, the device will no longer connect to the internet, rendering it obsolete.

Google has already reached out to impacted users to let them know about the impending shutdown, but is there a replacement for Nest Secure available in 2024? And what exactly can you do to prepare for the discontinuation in April? Here's a look at everything you need to know about Nest Secure.
Check ADT for a Nest Secure replacement

Read more
Google Home adds new camera features and support for Nest Cam Outdoor
The interface on Google Home allowing you to capture custom clips.

Google Home is one of the best smart home platforms, and it's just gotten more exciting with the rollout of new camera features and support for the Nest Cam Outdoor. These updates are currently limited to Public Preview users, though we expect to see them launched to all users soon.

One of the biggest additions is support for the first-generation Nest Cam Outdoor. Google will be rolling out eligibility to users over the next few weeks -- so if you're a Public Preview user and don't have access right away, you may have to wait a bit longer. Once the feature has been pushed to your camera, you can use it like you would any other device in Google Home. This includes having access to an updated camera history interface.

Read more
The best smart home devices for 2023
The X2 Omni dock up against a wall.

With hundreds of incredible products available, it can be intimidating to piece together a smart home. From smart displays and thermostats to smart light bulbs and video doorbells, not only are there tons of categories to browse, but each category is filled with highly reviewed products that can be difficult to distinguish from one another. If you’re in the market for a new smart home gadget or are just starting your smart home journey, there are tons of factors to consider.

If you need help navigating all the products, here’s a look at the best smart home devices of 2023 across a wide variety of categories. It’s hard to go wrong with products from big names like Ring, Arlo, Amazon, and Google, but if you need a bit more guidance, here are some of our top picks.
Voice assistant

Read more