December 2, 2020
Google Photos security flaw

Google Patched a Security Flaw in Google Photos that Allowed Bad Actors to Obtain Users’ Location Data

A now corrected Google Photos security flaw, once let nefarious characters grab users’ location data, researchers point out…

Researchers at security firm Imperva have uncovered a now-patched bug which previously allowed hackers to track Google Photos users’ location history.

Google Photos Security Flaw Allowed Attackers to Obtain Users’ Location Data

Google Photos — which was recently victimized by an Android TV bug — was in-fact susceptible to browser-based timing attacks. Such invasions could help to leverage any photo’s image data, which includes an approximate time and location.

“A now-patched vulnerability in the web version of Google Photos allowed malicious websites to expose where, when, and with whom your photos were taken.” — Ron Masas

It wasn’t a totally sophisticated risk, however. For this kind of attack to actually work, a hacker would have to trick a user into visiting a malicious website. (That user must also be logged into Google Photos and the assailant would have to invest a substantial amount of time.)

Although, this is part of a bigger issue. Similar sites, such as Facebook, Messenger, and others, are still at-risk for browser-based, side-channel attacks. The good news is, the largest players, like Google and Facebook are dedicating more resources to this particular problem.

Ashley Lipman

Ashley Lipman is a super-connector with Outreachmama who helps businesses find their audience online through outreach, partnerships, and networking.

View all posts by Ashley Lipman →