March 26, 2019

A Method for Spreading Fake Info? “Using Google Knowledge Graph to Spoof Search Results”

Ed. Note from Gary Price:

What’s most interesting about the report below is that even with all of the attention about the dissemination of fake/false news and information online AND Google telling the public (and government officials) they’re working hard to reduce this from happenings

However, the company did nothing to to fix the problem discussed in the article EVEN AFTER knowing about it for over one year.  This is nothing new for Google in the sense that only after a story gets some press attention does Google do something to fix issues like these. It’s likely that at some point very soon the the problems described below with be fixed, changed. etc. 

From BleepingComputer.com:

Google’s Knowledge Graph, the informational panel displayed next to the results of popular search queries, can be spoofed to show arbitrary details, regardless of the input in the Google search box.

The trick can be carried out by anyone, as it involves zero technical knowledge, and could be used in humorous endeavors, like pranking someone, or for serious actions, like spreading fake information.

[Clip]

“As it turns out, you can add this parameter [kgmid] to any valid Google Search URL, and it will show you the Knowledge Graph card next to the search results of the search query,” says Wietze Beukema, who reported the issue to Google more than a year ago.

[Clip]

Beukema, who is a senior analyst at PwC UK, says that Google removing at least the ‘kponly’ parameter that eliminates the search results would be a step toward preventing this type of abuse; he believes that disabling ‘kgmid’ would be the better solution.

When he found the issue, Beukema says he was not the only one aware of it. Google has been informed of the possibility of abuse through this method but dismissed the bug report as it saw the vulnerability insufficiently severe to address.

Learn More, View Screenshots

See Also: Google Rolls Out Activity Cards to Help You Find Past Searches (via Bleeping Computer)

Gary Price About Gary Price

Gary Price (gprice@mediasourceinc.com) is a librarian, writer, consultant, and frequent conference speaker based in the Washington D.C. metro area. Before launching INFOdocket, Price and Shirl Kennedy were the founders and senior editors at ResourceShelf and DocuTicker for 10 years. From 2006-2009 he was Director of Online Information Services at Ask.com, and is currently a contributing editor at Search Engine Land.

Share