Apr 12, 2019
It's another Security Thing Friday. Craig talks about the new bug that lets criminals in on the photos we share and upload in Google Photos.
These and more tech tips, news, and updates visit - CraigPeterson.com
---
Related Articles
---
Below is a rush transcript of this segment, it might contain errors.
Airing date: 04/12/2019
Google Photos Bug Lets Criminals In
Craig Peterson 0:03
Hi, welcome to the Friday edition of It's a Security Thing. We're
going to talk today a little bit about another type of
vulnerability that is kind of more potential it is real and it can
be done. It's not terribly complex. But you have to be a real
target in order for it to really hit you at all. And this
particular one has to do with Google Photos. Now, you might use
Google Photos. There's a lot of different photo sharing services
out there, Flickr was recently purchased. And there is all kinds of
data that you have in these different services that you might not
realize is there. Now Google Photos is really kind of cool when you
get behind the scenes. It knows tons of information about anybody
that has uploaded photos to it. And it's automatically tagging the
images. Now it takes the metadata from the image. And if you
haven't stripped it, that includes things like the date and time it
was taken, the actual GPS coordinates, the location that it was
taken. And then what Google Photos does, is it has kind of an
artificial intelligence engine. And it looks for objects and events
that might be occurring in the background of the photo. So might
look at the picture and say, wow, this looks like a wedding dress,
and the groom is all dressed up. And there's other details that
might indicate a wedding. So it says, oh, wow, this is a
wedding.
Craig 1:40
Or there's a waterfall in the background, it's at sunset, it
figures out just tons of stuff based on the location and time that
are in the picture, as well as the picture contents itself. It's a
really good, really quite cool. It's also using facial recognition,
and using that to tag people who are also present in the photos. So
here's what happens with Google Photos search engine. I just love
this idea. I'm tempted to upload photos to it because of this. But
in the Google Photos search engine, you can do a search like photos
of me and Karen from Paris 2017. And Google Photos knows enough
information to be able to find it. I could say Google Photos of me
in Paris in Google Photos of me in wherever it was I was at or near
this or near that. It's very impressive what Google's doing. So a
security researcher decided, Hmm, I wonder what I can do here. And
he went in, I'm trying to find his name. Its Massas, I think, is
it? Yeah, it's Ron Massas. And he went in and he said, I wonder if
this data could be hacked? And he found that indeed, it could be
but only under some pretty specific circumstances, which people
could be tricked into doing. And then it can find out things about,
you know, obviously, this would be for very specific type of
attack. They're doing spearphishing. And you if you listen to my
interviews this week on the radio, you know, a lot about
spearphishing, more than you might want to know and sextortions
that are going on right now.
Craig 3:48
So he was able to do a side attack on Google Photos, and was able
to figure out what people had done, where they had gone at what
they had done when they were there various other things. Again,
it's a kind of a complex thing. But it does make me think and
probably makes you think about Google and these other sites. All of
the stuff we have put out there, and that we've given Google and
these other companies access to. Is it legit? Is it something we
should be doing? And that's the reason I haven't uploaded my photos
to Google Photos. Because I'm not sure I want Google to know about
all this stuff. And I most particularly don't want Google to end up
selling that information or being hacked, and having that
information stolen, because that happens all too often not so much
with Google, although it does happen with them. But with
information that we upload all the time. Remember, yesterday, we're
talking about software as a service. And Apple is very good about
not mining data to advertise. Apple makes its money by selling new
hardware and some software. Google makes its money by analyze you
and trying to figure out everything it can about you so that it can
sell your information to advertisers. So up to you what you want to
do. But again, here's another risk. And I bet most of us just
didn't know, Google was doing all of this with photos we uploaded
to Google Photos. I certainly didn't.
Craig 5:20
Alright, everybody. Have a great weekend. Make sure you tune in on
Saturday morning. You should be getting my emails if not go to
http://CraigPeterson.com/subscribe. But once you get my emails, you
will see all of the articles I talked about during the week. And
it's important to keep up on all of that stuff. And also you can
listen you can just click and listen right there to this week,
Saturday show podcast. All of that stuff right there at
http://CraigPeterson.com. So I'll be back Saturday, and then I'll
be back to my regular schedule Monday through Friday with podcasts
next week. Thanks everybody. Make sure you subscribe.
http://CraigPeterson.com/iTunes. You'll find me right there or
/TuneIn. I'm on a whole bunch of sites out there, but subscribing
really helps. Because that raises us in the chart and lets people
know that hey, they might want to listen to the show too. Take care
everybody. Bye bye.
---
More stories and tech updates at:
Don't miss an episode from Craig. Subscribe and give us a rating:
Message Input:
Message #techtalk
Follow me on Twitter for the latest in tech at:
For questions, call or text:
855-385-5553