An Android TV vulnerability first discovered earlier this year made the news last weekfollowing an extensive reportby 404 Media. Simply put, this exploit could potentially expose your sensitive Google account details, including your Gmail inbox, when you sign in to your Google account on a public Android TV setup, such as at a hotel or similar establishments. Google has since confirmed that it has already sent out an update to fix this bug onGoogle TVand Android TV devices, but we’re now getting more details on what the company has done to curb this potentially damaging security exploit.
Why it’s the right time for a new 4K Chromecast with Google TV
The Chromecast with Google TV is nearly 4 years old — it’s about time for an update
In a statement to9to5Google, the company said that a sideloaded version of the Chrome browser won’t automatically use the login token from a user’s Google account in apps like Drive or Gmail. Google also told 9to5 that this bug fix is reaching Google TV and Android TV devices through an app update, which as 9to5Google points out, means that even older hardware can be protected from this particular loophole.
What took Google so long to respond?
For a bit of background, this particular flaw with Android TV was first disclosed by YouTuber Cameron Gray way back in January, as you’re able to see in the video embedded above. Gray warned users against signing in to their Google accounts using a hotel or BnB’s Android TV unit, citing the potential security concerns. The issue then reached the office of Senator Ron Wyden (OR), a member of the Senate Select Committee on Intelligence. Google initially told the Senator’s office that this vulnerability wasexpected behavior, per the 404 Media report that was published this past Thursday.
How to use Google TV
How to use Google’s version of Plex
Google only took this issue more seriously after the publication reached out for a comment, later saying, “Most Google TV devices running the latest versions of software already do not allow this depicted behavior,” adding that the company would issue a fix for other devices. Although this particular vulnerability should be widely fixed by now, it begs the question as to why Google didn’t take this issue seriously when it was first made public in January.
