Google Home and the Chromecast are surely among the best products which Google has released in the recent times. Both the products are used by a wide range of consumers and are among the successful products launched by the tech giant. However, it seems that like all the other IoT devices both these devices have also some security-related issues. As per some reports, it is being hinted that there could be a major privacy breach in both of the devices.
It is being reported that there is a bug in the Google Home and the Chromecast that allows the websites to collect user data location precisely. The bug was first reported by a researcher Craig Young at the security firm Tripwire. According to him, the bug works by exploiting a loophole in the Google's system to look for a list of nearby wireless networks along with the Google's precise geo-location lookup services.
The bug makes use of the location obtained by the nearby Wi-Fi networks using a Google Home or Chromecast in order to track a user's location using a malicious website. The fact which is more concerning is that these devices hardly need any authentication, which any third party could use to access a user's personal address in very less time.
According to security reporter Brain Krebs, this is the way how Google's geolocation data gives the third party the ability to "determine a user's location within a few feet" which is different from a user's standard IP-based geolocation, he further added that:
It is common for websites to keep a record of the numeric Internet Protocol (IP) address of all visitors, and those addresses can be used in combination with online geolocation tools to glean information about each visitor's hometown or region. But this type of location information is often quite imprecise. In many cases, IP geolocation offers only a general idea of where the IP address may be based geographically.
This is typically not the case with Google's geolocation data, which includes comprehensive maps of wireless network names around the world, linking each individual Wi-Fi network to a corresponding physical location. Armed with this data, Google can very often determine a user's location to within a few feet (particularly in densely populated areas), by triangulating the user between several nearby mapped Wi-Fi access points.
Google, on the other hand, has acknowledged the bug and is assuring that it will be rolling out a fix soon which is expected in the middle of July.