Google Home and Chromecast can give away your home location

maxresdefault 1 1024x576 - for some reason we don't have an alt tag hereFile this under possible, being patched, and not currently being exploited in the wild. Chromecast and Google Home can be exploited to give your physical location away and allow execution of commands from unauthenticated sources. This according to research posted on Tripwire today.

The details of the exploit appear to involve someone on your network visiting a a URL and staying there long enough for some code to run which appears to rebind DNS in some form or fashion effectively allowing an attacker to pretend to be in your network.

Commands in-network evidently are not authenticated, and it’s not Google exclusive, just this particular attack was written for Google Home/Chromecast.

This means someone could start playing anything on any of your Chromecasts, get your location within a few feet based on the Chrome/Home devices around you, and potentially anything bad that could be thought of could happen.

Patches are on the way, if you’re paranoid now put your IoT devices behind another router that isn’t on the same subnet as your browsers/phones.

Pocketables does not accept targeted advertising, phony guest posts, paid reviews, etc. Help us keep this way with support on Patreon!
Become a patron at Patreon!

Paul E King

Paul King started with GoodAndEVO in 2011, which merged with Pocketables, and as of 2018 he's evidently the owner. He lives in Nashville, works at a film production company, is married with two kids. Facebook | Twitter | Donate | More posts by Paul | Subscribe to Paul's posts

Avatar of Paul E King