Skip to main content

A simple bug makes it easy to spoof Google search results into spreading misinformation

A bug that anyone can easily exploit in Google makes it easy to kick out manipulated search results that look entirely real. The search manipulation bug was documented by Wietze Beukema, a London-based security specialist, who warned that a malicious user could use this bug to generate misinformation. By splicing together values from a Google […]

A bug that anyone can easily exploit in Google makes it easy to kick out manipulated search results that look entirely real.

The search manipulation bug was documented by Wietze Beukema, a London-based security specialist, who warned that a malicious user could use this bug to generate misinformation.

By splicing together values from a Google search result’s “knowledge graph,” the cards that pop up in search results to supplement the search query with visuals and quick facts. Anything from countries, planets, tech news sites and more have cards that appear on the right-side of Google’s search results, displaying other nuggets of information at a glance.

In a blog post, Beukema explained that the short, shareable URL when entered into a Google search result could be chopped and added to the web address any other search query.

So, when you’d search: “What is the capital of Britain,” you’d expect London to return. Actually, you can make it any value — such as Mars.

It also works if you search “Who is the US president?” You can just manipulate the result to read “Snoop Dogg.”

A bug makes it easy to put the contents of a knowledge card into a search result. (Image: TechCrunch)

The manipulated search query doesn’t break HTTPS, so anyone can craft a link, send it in an email, tweet it out, or share it on Facebook — and the recipient, one assumes, would be none the wiser. But that can be a real problem in an age of mistrust of internet companies after misinformation campaigns by nation state actors.

Beukema warned that this search manipulation bug could be used to spread factually incorrect information, or even propaganda.

“Who is responsible for 9/11?” can be pointed to George Bush, a widely held conspiracy theory. “Where was Barack Obama born?” can be pointed to Kenya, another conspiracy theory largely propagated by his successor, Donald Trump, who later backtracked on the claim.

And even, “Which party should I vote for?” can be pointed to either the Republicans or the Democrats.

No wonder so many people think the election was rigged if they think they can click a button and have a search engine tell them who to vote for.

The bug is still active at the time of writing. In fact, it’s been known about for almost three years. Beukema simply brought the issue to light after first discovering the issue more than a year ago. But it’s already sparked interest from the hacker community. One developer, Lucas Miller, took just a few hours to build a Python script to automatically generate fake results based on search queries.

It’s a mystery why Google, despite claims of political bias (though no evidence to say it’s true), has taken so long fix a basic weakness in its search results that would make the service far more trustworthy.

A Google spokesperson told TechCrunch that it was “working to fix” the issue.

Cybersecurity 101: How to browse the web securely and privately

Data & News supplied by www.cloudquote.io
Stock quotes supplied by Barchart
Quotes delayed at least 20 minutes.
By accessing this page, you agree to the following
Privacy Policy and Terms and Conditions.