A security researcher discovered a vulnerability in Google Photos web version which allowed attackers to learn the location history of your photos.
Google photos allow users to find and tag photos based on the metadata information such as geographic coordinates, date of creation, etc. By using artificial intelligence algorithem it can detect objects and faces based on tagging.
Ron Masas, a security researcher at Imperva, discovered that through browser-based timing attacks a hacker could find out a user’s location or travel history.
In this case, timing a search query will receive zero results. In the next step researcher queried “photos of me from Iceland” and compared result of both.
If the query took longer search time than the baseline, he could infer that user visited Iceland.
“As I mentioned above, the Google Photos search engine takes into account the photo metadata. So by adding a date to the search query, I could check if the photo was taken in a specific time range. By repeating this process with different time ranges, I could quickly approximate the time of the visit to a specific place or country.”
For the attack to work, the attacker needs to trick victims in to visit a malicious website while they logged in to Google photos.
Here the attacker does not have to extract all information at once. Instead, they can keep track of everything and resume when the victim revisits the malicious website.
Researcher notified Google about the vulnerability and has been patched now. The researcher has also shared a video demonstration of the proof of concept of the attack which can be seen below:
You may be interested in reading:New Zero-day flaw in Google Chrome Discovered Actively Exploited in the Wild