Slashdot Mirror

← Back to Stories (view on slashdot.org)

Android TV Bug Gave Users Access To Strangers' Google Photos (engadget.com)

Posted by msmash on from the strange-bug dept.

Over the weekend, a disturbed Android TV owner took to Twitter when he realized, through the Google Home app, he could access a massive list of random accounts, as well as photos they'd added to their Google Photos albums. From a report: If someone were to click on "linked accounts" while setting your Google Photos screensaver, the Google Home bug apparently showed a giant, scrolling list of users. From there, the bug allowed limited access to users' personal images in Google Photos, which could then be displayed as Ambient Mode screensavers. That is, someone could have theoretically displayed your photos as screensavers on their Android TV without you knowing it. The user who discovered this bug theorized that the list of accounts were other users with the same TV model, but that hasn't been confirmed yet. There's no answer yet on where this bug came from, but Google is working on a fix and has disabled Google Photos screensavers in the meantime.

3 of 41 comments (clear)

  1. Protect Yourself! by forkfail · · Score: 5, Insightful

    Not everything has to be a "smart device" - the more you have, the more chance your data will be compromised and exposed (sooner).

    Just buy a regular "dumb TV".

    Oh, wait. You can't. But at least it's a Good Thing (tm) for you!

    --
    Check your premises.
  2. Google, we are not surprised by Anonymous Coward · · Score: 5, Insightful

    One of those situations where if you're going to trust a 3rd party to store your pictures then perhaps you should find a place that allows you to upload encrypted files.

  3. Re:Dumbass by Solandri · · Score: 4, Interesting

    It's not that simple. I've had to help a dozen or so people try to recover "irreplaceable" photos from a dead phone or hard drive. I've never had someone complain that their online photos were seen by unauthorized persons. And in fact, I suspect the people who lost their photos would've gladly accepted strangers viewing their photos if it meant they had them back. So on balance, it's a risk worth taking for most people, and I recommend people backup their important photos to the cloud. Google Photos is a good choice because they give you free unlimited storage of photos up to 2048x2048 resolution (it has an option to automatically downsize larger photos). (The other services I recommend are Amazon Prime - unlimited storage of photos of any size, and Office 365 - inclues 1 TB of cloud storage.)

    Totally agree with you that unless encrypted, private documents like will or your master password list, or private porn you made with your SO do not belong on the cloud. But for regular photos documenting important moments in your and your children's lives, the risk of losing everything in a fire or robbery is greater than the risk of an unauthorized person viewing them online. So back them up to the cloud. It's the lesser of two evils.