 |
| Chrome OS displays geolocation records |
Chrome OS unknown behavior can indicate user movements over wireless network protocols.
When using the guest mode feature of Chrome OS, the attack requires physical access to the device. However, the attack can be executed without knowing the user's password or login name.
The bug was reported by the Jiefang Information Technology Commission, a collective tech group made up of several former Google employees.
A Google spokesperson said: We are investigating this issue and device owners can disable guest mode and block new user creation.
The bug is due to the way the Chromebook keeps its wireless network records, which explain when and how the computer is connected to the Internet.
The protocol cannot confuse technical users, but the protocol can be decoded to detect wireless networks within range of a computer.
If other dates are available, this may indicate the movement of the owner during the period covered by the registry, which can be up to 7 days.
Since Chrome OS stores these logs in an unprotected volume, they can be accessed without a password.
Simply open the Chromebook in guest mode and switch to the composite title that appears in local storage.
This will display all computer logs, including computer records created outside of guest mode.
Andres Arrieta, researcher at the Electronic Frontier Foundation, confirmed the attack, saying, “It is a particular concern of targeted and marginalized communities.
While this flaw does not benefit traditional cyber criminals, it does raise privacy concerns for those who fear being monitored by family members or co-workers.
The worrying thing, Arita said, is that anyone with fast physical access to the device can log in as a guest and quickly get records and location details.
He added: The security team must work to better understand the potential impact of these errors on all users and include them in the assessment and setting priorities.