Latest in Tomorrow

Image credit: SIPA USA/PA Images

Google Photos flaw let attackers grab users' location data

The now-patched flaw is another example of browser-based side-channel attacks.

Sponsored Links


Researchers have revealed a now-patched flaw that would allow hackers to track your location history using Google Photos. Ron Masas, from security company Imperva, explains in a blog post that Google Photos -- which was recently subject to an Android TV bug -- was vulnerable to browser-based timing attacks, which could leverage a photo's image data to approximate the time of a visit to a specific place or country.

For this attack to work, though, a user would have to be tricked into opening a malicious website while logged into Google Photos, and the hacker would have to dedicate a certain amount of effort to the attack, so it was never a prevalent risk. However, as Mases -- who recently uncovered a similar vulnerability with Facebook Messenger -- notes, browser-based side-channel attacks are still regularly overlooked. "While big players like Google and Facebook are catching up," he said, "most of the industry is still unaware."

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr