A feature of the Google search engine lets threat actors alter search results in a way that could be used to push political propaganda, oppressive views, or promote fake news.
The feature is known as the "knowledge panel": a box that usually appears on the right side of the search results, highlighting the main result for a very specific query.
For example, searching for Barack Obama would bring a box showing information from Barack Obama's Wikipedia page, along with links to the former president's social media profiles.
But Wietze Beukema, a member of PwC's Cyber Threat Detection & Response team, has discovered that you can hijack these knowledge panels and attach them to any search query, sometimes in a way that pushes legitimate search results far down the page, highlighting an incorrect result and making it look legitimate.
This is done by first searching for a legitimate item and pressing the "share" icon that appears inside the knowledge panel.
This generates a Google URL that, when accessed in the browser, would look like:
The "kgmid=/m/02883b" parameter loads the Knowledge Graph entry for that particular knowledge panel (in this case, the ZDNet panel).
Beukema discovered that this parameter can then be added to any other search query, like below, and would result in the knowledge panel appearing as a highlighted search result for any query, even incorrect ones.
Adding "&kponly" at the end of this URL widens the knowledge panel to cover the entire width of the page, pushing the correct search results far down the page and giving the impression that this panel is the most accurate result of them all.
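Since the manipulation lives entirely in two URL parameters, a link-sharing service or chat client can detect and strip them before rendering a preview. The following is an added example (not from the article or from Beukema's research) of such a check; it uses only the "kgmid" and "kponly" parameters and the "/m/02883b" value named above, assumes the standard "q" query parameter, and only recognises google.com hosts.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Parameters described in the article: kgmid pins a Knowledge Graph entity to
# the results page; kponly (a bare flag) widens that panel to full page width.
KNOWLEDGE_PANEL_PARAMS = {"kgmid", "kponly"}


def is_google_search_url(url):
    """True for a /search URL on google.com (assumption: regional domains such
    as google.co.uk are not covered here)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    on_google = host == "google.com" or host.endswith(".google.com")
    return on_google and parts.path == "/search"


def inspect_search_url(url):
    """Return (query, pinned_kgmid, panel_only) for a Google search URL.
    keep_blank_values=True is required so that a bare '&kponly' is seen."""
    parts = urlsplit(url)
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    return params.get("q"), params.get("kgmid"), "kponly" in params


def classify_shared_link(url):
    """Label a link before it is rendered as a preview or followed."""
    if not is_google_search_url(url):
        return "not-google-search"
    _query, kgmid, panel_only = inspect_search_url(url)
    if kgmid is None and not panel_only:
        return "clean"
    return "pinned-panel-fullwidth" if panel_only else "pinned-panel"


def strip_knowledge_panel_params(url):
    """Rewrite a shared search URL without the panel-pinning parameters,
    leaving every other parameter (including the query) in place."""
    parts = urlsplit(url)
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k not in KNOWLEDGE_PANEL_PARAMS]
    return urlunsplit(parts._replace(query=urlencode(kept)))


if __name__ == "__main__":
    # Constructed sample: the sliced-bread query with the ZDNet panel pinned.
    shared = ("https://www.google.com/search?q=who+invented+sliced+bread"
              "&kgmid=/m/02883b&kponly")
    print(classify_shared_link(shared))          # pinned-panel-fullwidth
    print(strip_knowledge_panel_params(shared))  # same URL without kgmid/kponly
```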
While sharing search result page URLs for queries like "Who invented sliced bread" with an incorrect knowledge panel passes as an innocent prank, sharing malformed URLs for search queries like "Who's responsible for 9/11" and highlighting results like Judaism can have serious consequences in today's complicated political climate. Just imagine the damage you can do with manipulated Google URLs like these [1, 2, 3].
Link sharing is an important part of today's web, and the way Google appears to have structured its URL parameters gives threat actors a way to essentially edit search results, which is a dangerous issue.
People trust Google and Facebook far too much these days, and tech companies should make sure this trust isn't turned against innocent people in a way that may lead to the loss of human life, as has happened in the past year with Facebook and WhatsApp.
"People have effectively been trained to take information from these boxes that appear when googling," said Beukema. "I have caught myself relying on the information presented by Google rather than studying the search results."
In a blog post revealing this issue, Beukema said he informed Google of this issue last year, but the company ignored his report, leaving the door open for search result manipulation.
Beukema believes that Google should remove these knowledge panels, or at least remove the "&kponly" parameter that makes the panels cover almost the entire area of the screen.