The “knowledge panel” on Google’s search engine lets threat actors alter search results in a way that could be used to push political propaganda or oppressive views, or to promote fake news. The knowledge panel is a box that usually appears at the right side of the search results, typically highlighting the main search result for a very specific query.
Wietze Beukema, a member of PwC’s Cyber Threat Detection & Response team, has discovered that you can hijack these knowledge panels and add them to any search query, sometimes in a way that pushes legitimate search results way down the page, highlighting an incorrect result and making it look legitimate.
Experts' comments below:
Paul Bischoff, Privacy Advocate at Comparitech:
“The important thing to note here is that no one will see modified knowledge panels for searches they run on their own, such as from the Google home page, Chrome address bar, or Android’s Google search bar. This exploit only works by sharing links to Google Search results pages. Those links contain additional parameters inserted by the person who shares the link, and such modified results will not be returned through normal use of Google.
That being said, Google should certainly try to curb abuse of its knowledge panel results and close off this exploit as quickly as possible. While most people probably don’t share Google results pages as evidence of political views, the number who do is sure to be non-zero. Now that this exploit is out in the open, we could see it adopted more often for malicious purposes.”