Latest in Tomorrow

Image credit: SIPA USA/PA Images

Google Photos flaw let attackers grab users' location data

The now-patched flaw is another example of browser-based side-channel attacks.
188 Shares
Share
Tweet
Share
Save

Sponsored Links

SIPA USA/PA Images

Researchers have revealed a now-patched flaw that would allow hackers to track your location history using Google Photos. Ron Masas, from security company Imperva, explains in a blog post that Google Photos -- which was recently subject to an Android TV bug -- was vulnerable to browser-based timing attacks, which could leverage a photo's image data to approximate the time of a visit to a specific place or country.

For this attack to work, though, a user would have to be tricked into opening a malicious website while logged into Google Photos, and the hacker would have to dedicate a certain amount of effort to the attack, so it was never a prevalent risk. However, as Mases -- who recently uncovered a similar vulnerability with Facebook Messenger -- notes, browser-based side-channel attacks are still regularly overlooked. "While big players like Google and Facebook are catching up," he said, "most of the industry is still unaware."

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
188 Shares
Share
Tweet
Share
Save

Popular on Engadget

The best consoles, games and accessories for students

The best consoles, games and accessories for students

View
Divorce dispute leads to accusation of crime in space

Divorce dispute leads to accusation of crime in space

View
OnePlus 7T might pack a wide-angle camera

OnePlus 7T might pack a wide-angle camera

View
Scientists bioprint living tissue in a matter of seconds

Scientists bioprint living tissue in a matter of seconds

View
CDC identifies a death potentially linked to vaping

CDC identifies a death potentially linked to vaping

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr