In the forthcoming weeks, Google is planning to launch a patch that will fix the bug in Chromecast TV streaming stick and Home smart speaker, which reveal user location data. At security firm Tripwire, a researcher Craig Young revealed that the bug exploits the loophole in the systems of Google, which checks the nearby lists of wireless networks with geo-location look-up services of Google.
User’s location can easily be triangulated by the malicious website with nearby Wi-Fi locations through Chromecast or Google Home. To receive data, these devices hardly need any third party authentication and wrongdoers easily collect sensitive information by exploiting generous permissions. Krebs explained how geo-location data of Google has the ability to locate user’s location, which differs from IP-based location.
He said that every website keeps a proper record of every visitor’s numeric IP address and along with online geo-location tools these addresses can easily be used to extract the information of region or hometown of every visitor. But usually, this information is inaccurate. It just gives a general idea of the location by using IP address.
However, this is certainly not the case with Google as geo-location data of Google comprises of wireless network’s comprehensive maps and the network gets linked with the physical location of individual Wi-Fi. By using the data, it’s very easy for Google to collect the accurate location of the user in few feet. It can do so by triangulating user in Wi-Fi access areas that are found nearby. Even if you remove your SIM card or turn your location off, the navigation apps can easily figure you out.
It is expected that the fix will arrive by mid-July and Google will certainly give the desired solution to this bug.