- PwC’s Cyber Threat Detection & Response team member Wietze Beukema identified a glaring flaw in Google Knowledge Panel.
- Search results highlighted by the feature can have their URL’s modified to highlight propaganda and fake news.
- Google ignored Beukema’s findings and has not patched the issue so far.
Google’s Knowledge Panel is a core feature of the search engine that is responsible for highlighting search results for specific queries. PwC’s Cyber Threat Detection & Response team member Wietze Beukema published a detailed report that highlights how the feature can be manipulated to spread oppressive views, fake news, and political propaganda.
It is possible to exploit Google’s Knowledge Panel feature to get an incorrect search result highlighted. The average internet user wants information in seconds, and the best way to use Google is to put in a query and check the first few results. The search engine developed the Knowledge Panel feature to make it easier to pick up information from top search results without needing to open URLs, but it seems like it has its flaws.
The exploit involves searching for any legitimate term on Google and clicking on the Share icon that is visible in the knowledge panel. A unique URL is created which can be shared with other internet users. The URLs contain a parameter which can be added to any search query and intentionally highlights content that spreads propaganda, fake news or any inaccurate. The URL can also be changed to make the knowledge panel cover the entire width of your web browser, effectively pushing down legitimate search queries. These URLs are modified – Link1, Link2, Link3.
Fake news has been a major problem, and it’s not just Google, platforms like Facebook and WhatsApp have suffered as well. Even though Beukema contacted Google about the issue last year, the tech giant has ignored his findings and has left the search engine open to exploitation. According to Beukema, possible solutions include removing the Knowledge Panel feature or modifying the generated URLs to prevent exploitation.