Google Photos flaw let attackers grab users' location data

The now-patched flaw is another example of browser-based side-channel attacks.

Sponsored Links

SIPA USA/PA Images
SIPA USA/PA Images

Researchers have revealed a now-patched flaw that would allow hackers to track your location history using Google Photos. Ron Masas, from security company Imperva, explains in a blog post that Google Photos -- which was recently subject to an Android TV bug -- was vulnerable to browser-based timing attacks, which could leverage a photo's image data to approximate the time of a visit to a specific place or country.

For this attack to work, though, a user would have to be tricked into opening a malicious website while logged into Google Photos, and the hacker would have to dedicate a certain amount of effort to the attack, so it was never a prevalent risk. However, as Mases -- who recently uncovered a similar vulnerability with Facebook Messenger -- notes, browser-based side-channel attacks are still regularly overlooked. "While big players like Google and Facebook are catching up," he said, "most of the industry is still unaware."

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission. All prices are correct at the time of publishing.
View All Comments
Google Photos flaw let attackers grab users' location data