Home > Content > Google Photos Flaw Exposes Users’ Location Data

Google Photos Flaw Exposes Users’ Location Data

Security research firm Imperva have revealed a now-patched flaw that would expose users’ location history on Google Photos.

In a blog post, Imperva exec Ron Masas — who recently exposed a similar flaw in Facebook Messenger — explains that Google Photos was vulnerable to browser-based timing attacks.

This flaw could expose a photo’s image data allowing hackers to estimate the time of a visit to a specific place.

“After some trial and error, I found that the Google Photos search endpoint is vulnerable to a browser-based timing attack called Cross-Site Search (XS-Search),” says Masas.

In order for users to be affected, they would have needed to open a malicious link while logged into their Google Photos account.

As this particular kind of hacking would have been a time-intensive and targeted attack, it is not considered a major risk.

However, as Masas says in his post, flaws like these are too-often overlooked by the industry.

“While big players like Google and Facebook are catching up,” he said, “most of the industry is still unaware.”

Google has now patched the flaw, but side-channel attacks like this are still a risk on other services such as Dropbox, iCloud, Twitter, and more.

You may also like
Google Rolls Out Chromebook Update Highlighting CES Releases
US Urges Australia To Reconsider Forcing Facebook & Google To Pay For News
New Security Flaw Reveals Ring User Data
ACCC & DoJ Not Happy With Google-Fitbit Deal, Legal Action Looms
Google Finally Gets Fitbit Deal Over The Line