“I’ve only tested this in three environments so far, but in each case the location corresponds to the right street address,” Young said. Young said a demo he created (a video of which is below) is accurate enough that he can tell roughly how far apart his device in the kitchen is from another device in the basement. With my attack demo however, I’ve been consistently getting locations within about 10 meters of the device.” For my home Internet connection, the IP geolocation is only accurate to about 3 miles.
“For example, if I geolocate my IP address right now, I get a location that is roughly 2 miles from my current location at work. “The difference between this and a basic IP geolocation is the level of precision,” Young said. Armed with this data, Google can very often determine a user’s location to within a few feet (particularly in densely populated areas), by triangulating the user between several nearby mapped Wi-Fi access points. This is typically not the case with Google’s geolocation data, which includes comprehensive maps of wireless network names around the world, linking each individual Wi-Fi network to a corresponding physical location. In many cases, IP geolocation offers only a general idea of where the IP address may be based geographically. But this type of location information is often quite imprecise. It is common for Web sites to keep a record of the numeric Internet Protocol (IP) address of all visitors, and those addresses can be used in combination with online geolocation tools to glean information about each visitor’s hometown or region. The attack content could be contained within malicious advertisements or even a tweet.” “The only real limitation is that the link needs to remain open for about a minute before the attacker has a location. “An attacker can be completely remote as long as they can get the victim to open a link while connected to the same Wi-Fi or wired network as a Google Chromecast or Home device,” Young told KrebsOnSecurity. Young said the attack works by asking the Google device for a list of nearby wireless networks and then sending that list to Google’s geolocation lookup services.
#New google chromecast 2018 tv
New research shows that Web sites can run a simple script in the background that collects precise location data on people who have a Google Home or Chromecast device installed anywhere on their local network.Ĭraig Young, a researcher with security firm Tripwire, said he discovered an authentication weakness that leaks incredibly accurate location information about users of both the smart speaker and home assistant Google Home, and Chromecast, a small electronic device that makes it simple to stream TV shows, movies and games to a digital television or monitor. Google in the coming weeks is expected to fix a location privacy leak in two of its most popular consumer products.
0 kommentar(er)
