Latest in Tomorrow

Image credit:

Google Photos flaw let attackers grab users' location data

The now-patched flaw is another example of browser-based side-channel attacks.
Share
Tweet
Share

Sponsored Links

SIPA USA/PA Images

Researchers have revealed a now-patched flaw that would allow hackers to track your location history using Google Photos. Ron Masas, from security company Imperva, explains in a blog post that Google Photos -- which was recently subject to an Android TV bug -- was vulnerable to browser-based timing attacks, which could leverage a photo's image data to approximate the time of a visit to a specific place or country.

For this attack to work, though, a user would have to be tricked into opening a malicious website while logged into Google Photos, and the hacker would have to dedicate a certain amount of effort to the attack, so it was never a prevalent risk. However, as Mases -- who recently uncovered a similar vulnerability with Facebook Messenger -- notes, browser-based side-channel attacks are still regularly overlooked. "While big players like Google and Facebook are catching up," he said, "most of the industry is still unaware."

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

The 2020 Engadget Holiday Gift Guide

The 2020 Engadget Holiday Gift Guide

View
Zappos' pioneering ex-CEO Tony Hsieh dies at 46

Zappos' pioneering ex-CEO Tony Hsieh dies at 46

View
Vava’s 4K ultra short-throw projector is $840 off at Amazon

Vava’s 4K ultra short-throw projector is $840 off at Amazon

View
The best Black Friday tech deals we could find

The best Black Friday tech deals we could find

View
The Morning After: The best Black Friday deals that are still going

The Morning After: The best Black Friday deals that are still going

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr