The WiFi on your mobile device and other Wifi-enabled devices track where you’re living, working, and moving within the accuracy of a few meters. This is the kind of data you don’t want being shared. However, both the Chromecast streaming dongle and Google Home Speaker have a design flaw that opens the door to web browsers and sites interacting with these devices. Learn if you’re safe below.
Craig Young of Tripwire found that the Home app, used to configure these devices, directs some tasks via a local HTTP network instead of Google Cloud. This means these commands are fulfilled without any authentication requirement. This loophole means hackers can locate you as long as you’re sharing the same local network as the Chromecast dongle or Home Speaker. They could also redirect you to malicious sites and use the lack of authentication to attack you. So be extra careful if you having either of these devices.
Brian Krebs who hosts his own cybersecurity website and worked with Young contacted Google to flag these flaws. They responded they’ll work to fix these vulnerabilities by mid-July.
In the mean time (and always), here’s how to protect yourself:
- Run a FixMeStick scan to ensure your computer hasn’t been breached
- Update your passwords – Dashlane makes that easy, try it for free here
- Consider adding an extra router to your network exclusively for your IoT devices (think all your smart phone gadgets). These are often not engineered with safety in mind and so create the perfect loophole for hackers to exploit.
- Be mindful of the sites you visit if you’re connected to the same network as some of your Internet of Things gadgets.
Keep up with this good digital etiquette by subscribing to our FixMeStick newsletter here.