Imperva researchers recently patched a vulnerability in Google Photos that could allow threat actors to track a user's location history.
By exploiting the flaw together with a little social engineering, malicious websites could have exposed when a user's Google Photos were taken, according to the report.
Imperva researcher Ron Masas used an HTML link tag to create multiple cross-origin requests to the Google Photos search endpoints, and JavaScript to measure how long it took for the onload event to fire. From this he established a baseline: the time taken by a search query that returns zero results.
The researcher then timed the query "photos of me from Iceland" and compared the result to the baseline. If the search took longer than the baseline, he could assume the query had returned results and thus infer that the current user had visited Iceland.
By adding a date to the search query, Masas could check whether a photo was taken in a specific time range, and by repeating the process with different time ranges he could quickly approximate the time of the visit to a specific place or country.
For the attack to work, the target must open the malicious website while logged in; the malicious code then generates requests to the Google Photos search endpoint to extract boolean (true or false) answers to any query the attacker makes.
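One defence against this class of cross-site search timing leak, shown here as an added example (not code from Imperva or Google, and the report does not say how the issue was actually fixed): a Fetch Metadata resource-isolation check that refuses cross-site subresource requests to an authenticated search endpoint before any search runs, so a third-party page's link tag gets the same fast rejection whatever the query. The Sec-Fetch-* header names and values are the browser's standard Fetch Metadata; the handler and the sample requests are constructed for illustration.

```javascript
// Decide whether a request to an authenticated, search-like endpoint should
// be served, based on the Sec-Fetch-* headers modern browsers attach.
function isRequestAllowed(method, headers) {
  const site = headers['sec-fetch-site'];
  // Older browsers send no Fetch Metadata: this check cannot help there, so
  // fall through to the endpoint's other defences (e.g. SameSite cookies).
  if (site === undefined) return true;
  // Same-origin, same-site and browser-initiated (address bar, bookmark)
  // requests are the legitimate callers of the search endpoint.
  if (site === 'same-origin' || site === 'same-site' || site === 'none') return true;
  // Allow ordinary top-level navigations from other sites (links into the
  // app), but not <object>/<embed>, which a hostile page can also time.
  if (headers['sec-fetch-mode'] === 'navigate' && method === 'GET' &&
      !['object', 'embed'].includes(headers['sec-fetch-dest'])) return true;
  // Everything else is a cross-site subresource load (link, img, script,
  // fetch, ...): refuse before any search work happens, so the response
  // time carries no information about the result set.
  return false;
}

// Minimal handler (constructed): returns the status and body that would go
// back to the client. The search itself is passed in as a function.
function handleSearch(method, headers, runSearch) {
  if (!isRequestAllowed(method, headers)) {
    return { status: 403, body: 'cross-site request refused' };
  }
  return { status: 200, body: runSearch(headers['x-query'] || '') };
}

// Constructed sample requests. A <link> tag on a hostile page yields a
// cross-site, no-cors request with destination "style" (or "empty" for
// prefetch); the app's own XHR/fetch is same-origin; a user clicking a
// link to the app is a cross-site top-level navigation.
const hostileLinkTag = { 'sec-fetch-site': 'cross-site', 'sec-fetch-mode': 'no-cors', 'sec-fetch-dest': 'style' };
const appsOwnFetch = { 'sec-fetch-site': 'same-origin', 'sec-fetch-mode': 'cors', 'sec-fetch-dest': 'empty' };
const userClicksLink = { 'sec-fetch-site': 'cross-site', 'sec-fetch-mode': 'navigate', 'sec-fetch-dest': 'document' };

// Toy search over an in-memory album (constructed) for the demo.
function demoSearch(query) {
  const album = ['photos of me from Iceland', 'photos of me from Paris'];
  return album.filter((caption) => caption === query);
}

console.log(handleSearch('GET', hostileLinkTag, demoSearch).status);   // 403
console.log(handleSearch('GET', appsOwnFetch, demoSearch).status);     // 200
console.log(handleSearch('GET', userClicksLink, demoSearch).status);   // 200
```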