Google Home’s data leak proves the IoT is still deeply flawed | WIRED UK
The Internet of Things (IoT) security problem isn’t going away. The connected network of billions of devices – from smart doorbells to office printers – is regularly found to have privacy problems and be open to attack by potential hackers.
The latest of these incidents? Google’s artificial intelligence Home speaker and the Chromecast, the firm’s streaming device, have been found to reveal a user’s precise physical location. Revealed by Tripwire security researcher Craig Young, the bug can make a person’s location known to an accuracy of around 10 metres.
“I’ve only tested this in three environments so far, but in each case, the location corresponds to the right street address,” Young told Brian Krebs in an interview published at the same time as Young’s research. Locations could be extracted because some of the commands the Home and Chromecast devices receive are transmitted across unsecured HTTP connections and without any form of authentication.
There are some caveats to the privacy issue that mean it is unlikely to be exploited by those with malicious intent. An example of the attack created by Young requires an individual to open and remain on a webpage for around a minute. While this is happening, the Wi-Fi network is scanned and any connected Google devices are highlighted – their specific location data can then be gleaned.