Google Home security breach sends your location to hackers

Google says it's fixing the problem in July

By Lauren Barack

Published June 21, 2018 4:03PM (EDT)

The Google Home is displayed at a Target media preview, Tuesday, Oct. 25, 2016, in New York. Target is building on last year’s successful holiday formula of luring shoppers with plenty of exclusives, clever marketing and exciting presentations. But it’s more laser focused on luring shoppers with deals as it plans its attack to win back shoppers it lost in the spring and summer. (AP Photo/Mark Lennihan) (AP)
The Google Home is displayed at a Target media preview, Tuesday, Oct. 25, 2016, in New York. Target is building on last year’s successful holiday formula of luring shoppers with plenty of exclusives, clever marketing and exciting presentations. But it’s more laser focused on luring shoppers with deals as it plans its attack to win back shoppers it lost in the spring and summer. (AP Photo/Mark Lennihan) (AP)

This article originally appeared on GearBrain.
Gear Brain

Google Home and Chromecast can send their specific location to people running a program that dupes the devices to revealing where they are by the network they're connected as they work.

Discovered earlier this year, the problem came to Google's attention by a Tripwire researcher Craig Young — but the tech giant dismissed the issue. That is, until KrebsonSecurity, came knocking back on Google's door, getting the company to agree to build a patch by mid-July.

The attack requires someone to click on a phishing link — which runs a script that locates the location of the devices in about a minute. Details are specific enough down to a street address.

Google Home isn't immune to kinks in its system. When first released, the Google Home Mini was caught recording everything it heard, and sending the data back to Google. Both Amazon Alexa and Google Home required patches in 2017 from the Bluetooth-based BlueBourne hack. And most recently, Amazon admitted an Echo smart speaker recorded a couple at home, saved the audio, and sent the files to someone on their contact list — all on its own.

It's no wonder two-thirds of adults in six countries have expressed concerns about theirsmart devices being hacked.

Sending the exact address of a device's location gives more personal information to hackers who, as Young said, could use the details to make other kinds of threat attacks, seem more real.

The best way to protect devices from being hacked is of course to unplug them. That's not ideal, as that renders any connected gadget into a fancy expensive brick — probably not why someone bought them in the first place.

Young suggests adding a second router for connected devices, separate from a router kept from heavily used smartphones and computers. That doesn't completely keep everything safe from intrepid hackers— but it does add another step which for some script kiddies may be enough of headache to take.

Top Trending

Check out the major news stories of the day


Lauren Barack

MORE FROM Lauren Barack