Google Photos flaw let attackers grab users' location data

The now-patched flaw is another example of browser-based side-channel attacks.

Researchers have revealed a now-patched flaw that would allow hackers to track your location history using Google Photos. Ron Masas, from security company Imperva, explains in a blog post that Google Photos -- which was recently subject to an Android TV bug -- was vulnerable to browser-based timing attacks, which could leverage a photo's image data to approximate the time of a visit to a specific place or country.

For this attack to work, though, a user would have to be tricked into opening a malicious website while logged into Google Photos, and the hacker would have to dedicate a certain amount of effort to the attack, so it was never a prevalent risk. However, as Mases -- who recently uncovered a similar vulnerability with Facebook Messenger -- notes, browser-based side-channel attacks are still regularly overlooked. "While big players like Google and Facebook are catching up," he said, "most of the industry is still unaware."