Google Tracker: WiFi Weak Spots Get A One-Two Hit

Google Privacy

Google is among those exposed by two massive Wi-Fi security vulnerabilities revealed on Monday. The search engine giant has already rolled out patches. In better news, the company has teamed up with Target to power voice shopping and delivery via Google Express, and it’s finally getting its shot at television stardom through a deal with CBS.


There’s a KRACK in the Wi-Fi System

Monday morning (Oct. 16), researchers found a widespread cybersecurity vulnerability affecting pretty much every person and device that uses Wi-Fi and dubbed it KRACK, for Key Reinstallation Attack. The vulnerability allows hackers to trick victims into reinstalling an already-used Wi-Fi Protected Access 2 (WPA2) key.

These keys are supposed to be unique and non-recyclable, but thanks to the flaw in the system, hackers can manipulate the “handshakes” between routers and the devices that connect to them, including reusing those one-time keys. Once they’ve done that, hackers can silently intercept messages, potentially gaining access to sensitive information like credit card numbers or passwords. They could even inject malicious software (ransomware or malware) into websites, Forbes reported.

Google was hit harder than some others, since a coding error in its Android devices lets attackers find the key just by forcing a reinstallation.

Linux, Apple, Windows, Linksys and others are all affected by the cyberattack, and users are urged to run updates as soon as they are available. However, due to the range of devices affected, consumers may need to be proactive in seeking out cybersecurity solutions for connected devices such as wearables and cars as they become available, Forbes said.


Feeling Insecure?

Just hours after the KRACK vulnerability was announced, another security gap materialized. This one, called ROCA (Return Of the Coppersmith’s Attack), leverages a weakness in the encryption of chips made by the German company Infineon Technologies AG. Hackers can use the vulnerability to determine a user’s private Wi-Fi key as long as they have the public key.

Google Chromebooks are among those that contain the faulty chips. The tech giant has sent out patches, along with Fujitsu, HP, Lenovo and Microsoft, which were also affected by the breach.

KRACK at least offered the peace of mind that it could only be executed within Wi-Fi range. Researchers are saying ROCA is a more serious cybersecurity vulnerability, and also that it has been present in Chromebooks and other affected devices since 2012 or earlier.

Google, along with Infineon and Microsoft, put out notices last week containing advice for concerned users before making the big reveal on Monday.


New Partnership Hits the Target

Target customers can now use Google’s home delivery service, Google Express, the retailer announced on Thursday (Oct. 12). Target customers can also shop Google Express via Google Assistant on the Google Home and Android TV, with support for Android and Apple smartphones coming soon.

The idea of Google Express is to help customers get their shopping done fast and then have their purchases delivered to their door. Google Express purchases from Target are sourced from local Target store shelves. By linking their Target and Google accounts, customers can clue in Google Express about the items they buy most often so that reordering by voice becomes a short and sweet command.

Next year, Target REDcard holders will be able to use the card on Google Express and save 5 percent, the retailer said.


The Final Ad Frontier

Google has been trying to get into TV advertising since 2007. After dead-end discussions with some of the biggest TV networks and conglomerates out there, Google’s technology is finally getting its 15 seconds of ad-slot fame, as the company will be serving streaming ads during the next original “Star Trek” series.

The series is a big gamble for CBS, as the network hopes to make “Star Trek” the anchor series for its new streaming subscription service, CBS All Access. Now Google too is betting on the series, and the streaming ads as a whole, to succeed as the search engine giant aims to ride out the tectonic shifts in TV and media with a parallel shift in advertising strategies.