A bug in chromecast and google home allows to know the user's position

Chromecast and Google Home devices have a security flaw that allows any website to access Google's precise location service to know the exact position of the devices.

Chromecast and Google Home reveal user position

Generally, websites can get a rough idea of ​​the user's location through the device's IP address, but it is not extremely accurate, so the privacy of visitors is protected to some extent. Google uses high-precision location services that rely on wireless networks around the user to triangulate their position very precisely.

We recommend reading our post on Amazon Fire TV Stick: Chromecast rival is now available

The failure in these devices allows any website to see nearby wireless connections, and cross-reference with the Google database to determine the precise location of the user. Craig Young, the researcher who discovered the flaw, says that although the Google app, which uses this functionality, implies that you must be signed in to a Google account linked to the target device, there is no authentication mechanism built into the protocol level.

Young says he was only able to test the bug at three different locations, but in each case the location obtained by the website corresponded to the correct address. When the investigator initially submitted an error report to Googl and describing the problem, the company dismissed the report and closed it. But when contacted by Krebs on Security, the company said it would fix the problem through an update scheduled for release in July.

User privacy is being a major topic of discussion, with Facebook often standing out for the worst reasons, this mistake and Google's initial response seem to indicate that the social network isn't the only one making a few mistakes.