Sunday, February 28, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Google Photos vulnerability could have let hackers retrieve image metadata

March 20, 2019
in Internet Security
Google Photos vulnerability could have let hackers retrieve image metadata
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Image: ZDNet

Google has patched a bug in its Photos service that could have allowed a malicious threat actor to infer geo-location details about images a user was storing in their Google Photos account.

The attack is what security researchers call a browser side-channel leak.

You might also like

Why would you ever trust Amazon’s Alexa after this?

Microsoft: We’ve open-sourced this tool we used to hunt for code by SolarWinds hackers

Oxford University lab with COVID-19 research links targeted by hackers

It works by luring users on a threat actor’s website where malicious JavaScript code probes URLs for private sections of a user’s online accounts and then measuring the size and time the target website takes to respond –even with a classic “access denied” response.

The attacker measures and compares these responses in order to determine if certain artifacts exist in a user’s private account.

This is how Imperva security researcher Ron Masas discovered this Google Photos image metadata leak.

The researcher created a JS script that would probe the Google Photos search feature. Once a user landed on a malicious website, the script would use the user’s browser as a proxy for sending requests and searching through a thei Google Photos account.

For example, Masas said he used a search query of “photos of me from Iceland” to determine if the user had ever visited Iceland.

Masas was able to do this by measuring the size of the HTTP response and time it took Google Photos to respond to these search queries, even if no actual private photos were ever returned.

He also used date intervals to refine the search query to ascertain when the target had most likely visited a particular place. Other data could have been inferred in the same way with the help of other search queries.

This type of attack is now blocked in Google Photos, but there are many other services that attackers can target and siphon small details about a victim’s day-to-day life –such as Dropbox, iCloud, Gmail, Twitter, and more.

Facebook patched a similar browser side-channel attack last month, also after a report from Masas. Just like in today’s Google Photos attack, Masas found a Facebook endpoint that he could query and infer details about private Facebook photos and the location at which they had been taken.

To be clear, browser side-channel attacks are very clever, but they require a lot of per-victim fine-tuning, making them useless for mass harvesting operations. Nonetheless, they are quite useful for attackers stalking a particular target.

More vulnerability reports:

Credit: Source link

Previous Post

New MageCart Attacks Target Bedding Retailers My Pillow and Amerisleep

Next Post

Adding Search to Your Site with JavaScript

Related Posts

Why would you ever trust Amazon’s Alexa after this?
Internet Security

Why would you ever trust Amazon’s Alexa after this?

February 28, 2021
Microsoft: We’ve open-sourced this tool we used to hunt for code by SolarWinds hackers
Internet Security

Microsoft: We’ve open-sourced this tool we used to hunt for code by SolarWinds hackers

February 27, 2021
Oxford University lab with COVID-19 research links targeted by hackers
Internet Security

Oxford University lab with COVID-19 research links targeted by hackers

February 27, 2021
Fastest VPN in 2021 | ZDNet
Internet Security

Fastest VPN in 2021 | ZDNet

February 27, 2021
Berlin resident jailed for threatening to bomb NHS hospital unless Bitcoin ransom was paid
Internet Security

Berlin resident jailed for threatening to bomb NHS hospital unless Bitcoin ransom was paid

February 27, 2021
Next Post
Adding Search to Your Site with JavaScript

Adding Search to Your Site with JavaScript

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Why would you ever trust Amazon’s Alexa after this?
Internet Security

Why would you ever trust Amazon’s Alexa after this?

February 28, 2021
AI & ML Are Not Same. Here's Why – Analytics India Magazine
Machine Learning

AI & ML Are Not Same. Here's Why – Analytics India Magazine

February 27, 2021
Microsoft: We’ve open-sourced this tool we used to hunt for code by SolarWinds hackers
Internet Security

Microsoft: We’ve open-sourced this tool we used to hunt for code by SolarWinds hackers

February 27, 2021
Is Wattpad and its machine learning tool the future of TV? — Quartz
Machine Learning

Is Wattpad and its machine learning tool the future of TV? — Quartz

February 27, 2021
Oxford University lab with COVID-19 research links targeted by hackers
Internet Security

Oxford University lab with COVID-19 research links targeted by hackers

February 27, 2021
The Education Industrial Complex: The Hammer We Have
Data Science

The Education Industrial Complex: The Hammer We Have

February 27, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Why would you ever trust Amazon’s Alexa after this? February 28, 2021
  • AI & ML Are Not Same. Here's Why – Analytics India Magazine February 27, 2021
  • Microsoft: We’ve open-sourced this tool we used to hunt for code by SolarWinds hackers February 27, 2021
  • Is Wattpad and its machine learning tool the future of TV? — Quartz February 27, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates