Google Photos flaw let attackers grab users’ location data

The Google Photos application is seen on a portable device in this photo illustration on December 6, 2017.

The now-patched flaw is another example of browser-based side-channel attacks.

Researchers have revealed a now-patched flaw that would allow hackers to track your location history using Google Photos. Ron Masas, from security company Imperva, explains in a blog post that Google Photos — which was recently subject to an Android TV bug — was vulnerable to browser-based timing attacks, which could leverage a photo’s image data to approximate the time of a visit to a specific place or country.

For this attack to work, though, a user would have to be tricked into opening a malicious website while logged into Google Photos, and the hacker would have to dedicate a certain amount of effort to the attack, so it was never a prevalent risk. However, as Mases — who recently uncovered a similar vulnerability with Facebook Messenger — notes, browser-based side-channel attacks are still regularly overlooked. “While big players like Google and Facebook are catching up,” he said, “most of the industry is still unaware.”

Share:

Other News

Nothing in this publication should be considered as personalized financial advice. We are not licensed under securities laws to address your particular financial situation. No communication by our employees to you should be deemed as personalized financial advice. Please consult a licensed financial advisor before making any investment decision. This is a paid advertisement and is neither an offer nor recommendation to buy or sell any security. We hold no investment licenses and are thus neither licensed nor qualified to provide investment advice. The content in this report or email is not provided to any individual with a view toward their individual circumstances. Canada News Group is a wholly-owned subsidiary of Market IQ Media Group, Inc.

While all information is believed to be reliable, it is not guaranteed by us to be accurate. Individuals should assume that all information contained in our newsletter is not trustworthy unless verified by their own independent research. Also, because events and circumstances frequently do not occur as expected, there will likely be differences between any predictions and actual results. Always consult a licensed investment professional before making any investment decision. Be extremely careful, investing in securities carries a high degree of risk; you may likely lose some or all of the investment.

Latest Headlines

Subscribe

Join our email list to receive the free market update newsletter

Canada News Group is a financial media company whose focus is to provide readers with financial news and content on the latest trends and happenings in the financial world.

error: Content is protected !!