Google Home smart speakers and Chromecast TV devices have recently been found to have a potential privacy leak that could expose their owners' locations to hackers.
Craig Young, a researcher at the security firm Tripwire, first noticed this vulnerability. According to him, the flaw stems from basic design choices that are widespread in Internet of Things (IoT) devices. One of these problems is that these "devices rarely require authentication for connections received on a local network," said Young.
According to the researcher, the Home app that owners use to configure Google Home and Chromecast performs most actions through Google's cloud. Some tasks, however, are performed using the local HTTP servers, and that is where a remote hacker or spammer could break in and obtain information about users' locations, said the researcher.
The good news is that Google has already acknowledged the problem and said it is working to fix the privacy leak, security researcher Brian Krebs reported.
"Security is an ongoing focus for our teams. We're aware of the report and will be rolling out a fix in the coming weeks," Google told USA Today.
Young conducted a test to see how the breach happens and how vulnerable it leaves users.
"Although Google's app, which uses this functionality, implies that you must be logged into a Google account linked with the target device, there is, in fact, no authentication mechanism built into the protocol level," explained Young.
He revealed that on his home network, with the aid of his DNS rebinding server, he was able not only to hijack the screen attached to the Chromecast but also to use data extracted from the devices to determine their physical location with "astonishing accuracy".
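The two gaps described above, a local HTTP server that needs no authentication and is reachable through DNS rebinding, can both be closed at the request-handling layer. The following is an added example, not Google's or Tripwire's code: the hostname, port, token and function names are assumptions made for illustration, and header keys are assumed to be already normalized.

```python
import hmac
import ipaddress

# Constructed values for illustration only; not taken from any real device.
ALLOWED_HOSTNAMES = {"speaker.local"}         # hypothetical local name of the device
PAIRING_TOKEN = "constructed-example-token"   # hypothetical secret set during setup


def host_is_trusted(host_header):
    """Accept only private/loopback/link-local IP literals or the device's own name.

    In a DNS rebinding attempt the browser still sends the external domain
    name in the Host header, so checking it exposes the mismatch.
    """
    if not host_header:
        return False
    host = host_header.strip().lower()
    if host.startswith("["):                  # bracketed IPv6 literal with optional port
        host = host[1:].split("]", 1)[0]
    elif host.count(":") == 1:                # hostname or IPv4 followed by a port
        host = host.rsplit(":", 1)[0]
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host in ALLOWED_HOSTNAMES      # not an IP literal: must be our own name
    return ip.is_private or ip.is_loopback or ip.is_link_local


def authorize(headers):
    """Return (status, reason) for a request to the device's local HTTP API."""
    if not host_is_trusted(headers.get("Host")):
        return 403, "untrusted Host header"
    supplied = headers.get("Authorization", "")
    expected = "Bearer " + PAIRING_TOKEN
    # Constant-time comparison; being on the LAN is not treated as proof of identity.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 401, "missing or invalid token"
    return 200, "ok"


if __name__ == "__main__":
    good = {"Authorization": "Bearer " + PAIRING_TOKEN}
    samples = [                               # constructed sample requests
        {"Host": "192.168.1.20:8080", **good},
        {"Host": "rebind.example.test:8080", **good},
        {"Host": "192.168.1.20:8080"},
    ]
    for request in samples:
        print(request.get("Host"), authorize(request))
```

The Host check alone stops a rebinding page from reaching the API, while the token check covers any other client that is already on the local network.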