Glaring Android TV security flaw could put your Gmail at risk
What do you want to know A flaw in Android TV could allow unauthorized access to Gmail and other related services if someone physically accesses the device. Using an Android TV box, individuals can potentially hack the last user’s Google account, compromising Gmail and Google Drive. Initially, Google implied that this behavior was expected, but […]
What do you want to know
- A flaw in Android TV could allow unauthorized access to Gmail and other related services if someone physically accesses the device.
- Using an Android TV box, individuals can potentially hack the last user’s Google account, compromising Gmail and Google Drive.
- Initially, Google implied that this behavior was expected, but later acknowledged the security flaw and claimed to have fixed it on newer Google TV devices.
A security flaw in Android TV could allow anyone to monitor your Gmail and other related services if they get their hands on your device, according to 404 Media.
According to a video posted to YouTube by Cameron Gray earlier this year, if someone gets their hands on an Android TV box, they can hack the Google account of the last person logged in, including their Gmail account and Google Drive (via Mishaal Rahman). ).
PSA: Don’t sign in to your personal Google account on an Android TV device you don’t own! https://t.co/l0FScUVT4MApril 25, 2024
If Google Chrome detects a Google account on the device it is installed on, it automatically logs you into any Google services you visit. Now, because Android TV is essentially Android, it treats the connection to the owner’s Google account as if it were permanent, so it is automatically connected to approved apps from the Play Store.
Even though Google doesn’t officially allow you to install Chrome on Android TV, you can still download it to install it there. And once turned on, you have access to Gmail, Drive and all other services, as demonstrated in the video.
In the video, Gray installs a third-party web browser called “TV Bro” which you can grab from the Play Store for Android TV. It uses it to extract an APK for Chrome from an online archive and installs it without any problems. But the app doesn’t work well with TV remotes, so you’ll need a keyboard and mouse.
Once Chrome is up and running, it’s as easy as pie to access the Gmail website and you’re there: no passwords, PINs or biometrics required to prove you own the TV.
From what Gray discovered, Android TV’s weak security makes it a prime target for checking connected email accounts. If you only use Android TV at home, you’re probably safe. But if you’re connecting to Android TV from a device outside your crib, that’s when you’re asking for trouble.
Google’s initial position suggested that this was how it was supposed to work, which is technically true. But this remains a big security error. Recently, Google announced that it has fixed the issue on newer Google TV devices.
The search giant told 404 Media that most of its Google TV devices with the latest software updates no longer allow this shady behavior to occur. But for the rest of the devices, Google is working to provide a fix soon.
Android Central has reached out to Google for clarification on exactly how it plans to resolve the issue, and we will update this article once we receive a response.
