Home > Content > Google Photos Flaw Exposes Users’ Location Data

Google Photos Flaw Exposes Users’ Location Data

Security research firm Imperva have revealed a now-patched flaw that would expose users’ location history on Google Photos.

In a blog post, Imperva exec Ron Masas — who recently exposed a similar flaw in Facebook Messenger — explains that Google Photos was vulnerable to browser-based timing attacks.

This flaw could expose a photo’s image data allowing hackers to estimate the time of a visit to a specific place.

“After some trial and error, I found that the Google Photos search endpoint is vulnerable to a browser-based timing attack called Cross-Site Search (XS-Search),” says Masas.

In order for users to be affected, they would have needed to open a malicious link while logged into their Google Photos account.

As this particular kind of hacking would have been a time-intensive and targeted attack, it is not considered a major risk.

However, as Masas says in his post, flaws like these are too-often overlooked by the industry.

“While big players like Google and Facebook are catching up,” he said, “most of the industry is still unaware.”

Google has now patched the flaw, but side-channel attacks like this are still a risk on other services such as Dropbox, iCloud, Twitter, and more.

You may also like
Google Tipped Add 4K HDR Dolby Vision For Play Movies
Fitbit Google Deal Could Get Scuttled As US Agencies Fight
Big-Tech Tax Gap Hits $100bn As Silicon Six Plead Innocent
Morrison Gov Worried Tech Giants Might Have To Pay More Tax
Google Founders ‘Leave The Roost’ With Majority Power Intact