ZDNet has reported on a security researcher’s discovery that Google’s Knowledge Panels can be manipulated. The researcher notified Google about this a year ago, but the company declined to address the alleged exploit. It’s possible that Google did not see it as a genuine threat.
However, there are still reasons why resolving this issue might be worthwhile.
Not a Hijacking Exploit
The supposed exploit allows for the alteration of Google’s Knowledge Panel, enabling the insertion of any other knowledge panel into numerous search results at will.
For instance, the search results for "Who is the Best SEO?" can be altered.
The exploit can be used to generate a search result that clearly has been modified. It’s surprisingly easy, allowing virtually anyone to do it.
Why It Is Not a Manipulation of Search Results
ZDNet claims in its article title that Google search results can be manipulated for propaganda. Yet, there’s more nuance to the situation than the headline suggests.
This so-called exploit doesn’t change Google’s search results on the server or for anyone else who isn’t looking at a specific URL.
What it actually does is let someone modify the URL parameters to create a tailored version of Google’s search results.
What Are URL Parameters?
A URL parameter is a name-value pair carried in a URL’s query string, the part of the URL that begins after the question mark (?).
URL parameters pass data to the server, informing it about your referring site or browser type, which in turn affects the display of search results.
In this instance, changing the URL parameter results in the SERP featuring any knowledge panel you wish.
Does the Knowledge Panel Exploit Change Search Results?
Altering the URL parameters doesn’t change the search results universally on Google. It only affects the search results for the person making the change or someone who accesses an altered search result via a specific link.
Is the Knowledge Panel Exploit Dangerous?
The danger arises from how someone might use these altered URLs maliciously. Misleading people is a potential risk.
It’s an overstatement to claim that Google’s search results are entirely manipulable. The suggestion that all results can be altered for everyone is not correct.
At its core, this is more of a curious trick than anything else, though it remains to be seen whether it could be used harmfully.
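Because the altered page exists only in the link, a defender can neutralize it by rebuilding the link from the query text alone before anyone opens it. The following is an added example, not code from the article or from Google; it assumes the `q` parameter is enough to reproduce a search, the host list is an assumption, and `example_param` is a made-up parameter name.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumption: only the query text is needed to reproduce a search.
ALLOWED_PARAMS = {"q"}
# Assumption: hosts treated as Google Search for this example.
SEARCH_HOSTS = {"www.google.com", "google.com"}


def canonicalize_search_link(link):
    """Return (clean_url, dropped_names) for a shared search link.

    Every parameter outside ALLOWED_PARAMS is removed, so the recipient
    sees the results for the query alone rather than a tailored page.
    """
    parts = urlsplit(link)
    # .hostname ignores any "user@" prefix, so lookalike links are rejected.
    if parts.scheme != "https" or parts.hostname not in SEARCH_HOSTS:
        raise ValueError("not an https Google Search link")
    if parts.path != "/search":
        raise ValueError("not a search results URL")

    kept, dropped = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in ALLOWED_PARAMS:
            kept.append((name, value))
        else:
            dropped.append(name)

    queries = [value for name, value in kept if name == "q"]
    if len(queries) != 1 or not queries[0].strip():
        # Missing or repeated q: refuse rather than guess which one is shown.
        raise ValueError("link must carry exactly one non-empty q parameter")

    # Rebuild from fixed parts; the fragment and extra parameters are discarded.
    clean = urlunsplit(("https", "www.google.com", "/search", urlencode(kept), ""))
    return clean, dropped


# Constructed sample link; "example_param" is a made-up parameter name.
SAMPLE = "https://www.google.com/search?q=who+is+the+best+seo&example_param=abc123#top"

if __name__ == "__main__":
    url, removed = canonicalize_search_link(SAMPLE)
    print(url)
    print("dropped parameters:", removed)
```

A non-empty list of dropped names is also a useful signal in its own right: it shows the shared link carried more than a plain query.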
Update 01-16-2019
Google appears to have addressed the issue, but this fix might unintentionally create problems for those using MREIDs in their structured data linked to their Google Knowledge Panel. This issue could arise if the search involves the phrase "knowledge graph search api." A simple fix is to generate a new search using your MREID with your entity in the search box.
Read more in the ZDNet Article: Google Search Results Listings Can be Manipulated for Propaganda
Screenshots by the author, modified by the author.