Google Home and Chromecast leaking location information




     Google Home and Chromecast devices allow hackers to uncover the precise physical locations of the connected gadgets, thanks to two common Internet of Things issues present in both. A patch from Google is incoming in July. At issue is that the devices don't require authentication for connections received on a local network. As with many other IoT devices, local HTTP is used to configure or control them. As a result, a hacker can use DNS rebinding to carry out an attack. This is a technique where JavaScript in a malicious web page is used to communicate with or gain control of a victim router or other target device that uses a default password and web-based administration.

     This means that websites can sometimes interact with network devices. It turns out that although the Home app, which allows users to configure Google Home and Chromecast, performs most actions using Google's cloud, some tasks are carried out using a local HTTP server. Commands to do things like setting the device name and WiFi connections are sent directly to the device without any authentication. In a proof of concept, a user can be tricked into opening a specially crafted URL containing the malicious JavaScript from a computer connected to a home network that is also connected to a Google Home or Chromecast device.




     Starting from a generic URL, a hacker can first identify the local subnet, scan it looking for the Google devices, and register a subdomain ID to initiate DNS rebinding on the victim. The code being served by the malicious URL then asks the Google device for a list of nearby wireless networks. By running that list through the Google Maps geolocation service, the victim's location can be uncovered thanks to Wi-Fi triangulation, which makes use of WiFi access point maps collected by the millions of phones opted into Google's enhanced location services. The effort takes around a minute, according to researchers.

     Even without a GPS receiver, Google Maps can typically locate a device within 10 meters. Using the DNS rebinding software, researchers created a basic end-to-end attack that worked in Linux, Windows and macOS using Chrome or Firefox. A hacker would be able to carry out the attack via a malicious mobile app. If one thinks about it in the context of an Android or iPhone app, these can connect to anything on your network. Such an app is able to see the IP address of the phone and check nearby devices. There are a lot of ways hackers could map out home networks. If you have a device and it allows you to do something without a password, it's very likely that a hacker can do the same using a malicious mobile app, or via web pages with DNS rebinding, or via some other technique we haven't thought of yet.



     In addition to allowing hackers to physically track down devices and arming a hacker with geo data that can be used to create more believable phishing or extortion messages, it also allows a third party to correlate who shares the household. Someone could run this attack and pull some unique information from the home network, to correlate whether there's a connection between the cookie and the network. The problems are not specific to Google devices; it should be noted that there are many IoT devices out there with the same issues.

     The only way to completely eliminate the risk of being tracked by these kinds of devices is to disconnect them. Using professional network segmentation or a separate router for connected smart home items can help limit the hack. Users should also be mindful of what websites or apps are loaded while on the same network as the devices. Those using DD-WRT might be getting protection from this by default, as long as devices are pointed to the router for DNS.
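
Resolver-side rebinding protection generally comes down to one check: an answer for a public hostname must not point at an internal address. The Python sketch below is an added example, not code from the original article, from Google or from DD-WRT; it applies that check to resolver log lines, and the log format, the local-suffix list and the sample lines are constructed assumptions.

```python
import ipaddress

# Ranges a public hostname should never resolve to (RFC 1918, loopback,
# link-local, "this network", and the IPv6 equivalents).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "0.0.0.0/8", "::1/128", "fc00::/7", "fe80::/10")]

# Assumption: names under these suffixes are legitimately local.
LOCAL_SUFFIXES = (".lan", ".local", ".home.arpa")

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:192.168.1.5 counts as 192.168.1.5
    return any(ip in net for net in INTERNAL_NETS)

def find_rebinding(lines, window=300):
    """Scan 'epoch name address ttl' lines; return (name, address, reason)."""
    last_public = {}  # name -> time of the most recent external answer
    findings = []
    for line in lines:
        ts, name, addr, _ttl = line.split()
        ts, name = float(ts), name.lower().rstrip(".")
        if name.endswith(LOCAL_SUFFIXES):
            continue
        if not is_internal(addr):
            last_public[name] = ts
            continue
        seen = last_public.get(name)
        if seen is not None and ts - seen <= window:
            reason = "flipped from external to internal"
        else:
            reason = "public name with internal address"
        findings.append((name, addr, reason))
    return findings

# Constructed resolver log (documentation-range addresses stand in for
# internet hosts; none of these lines come from the article).
SAMPLE_LOG = [
    "1000 www.example.org 198.51.100.10 3600",
    "1001 printer.lan 192.168.1.20 60",
    "1002 a1b2.rebind.example.net 203.0.113.7 1",
    "1005 a1b2.rebind.example.net 192.168.1.64 1",
    "1010 ads.example.com 127.0.0.1 300",
]

if __name__ == "__main__":
    for finding in find_rebinding(SAMPLE_LOG):
        print(finding)
```

A name that answers with an external address and then an internal one within the window is the stronger signal; a lone internal answer can also come from a blocklist that sinkholes domains to loopback.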