A security researcher has won a $107,500 bug bounty after discovering how hackers installed a backdoor on Google Home devices to take control of the microphone and covertly spy on the owner’s conversations.
Vulnerability hunter Matt Kunze first reported the issue to Google in early 2021. Because in his own experiments with his Google Home smart speaker, he found it easy to add new users via the Google Home app.
Kunze discovered that connected users can remotely send commands to paired Google Home devices via cloud APIs.
and technical blog postKunze described a possible attack scenario:
- Attackers are trying to spy on victims. An attacker can wirelessly get in close to her Google Home (but doesn’t know the victim’s Wi-Fi password).
- Attackers discover victims’ Google Homes by listening for MAC addresses with prefixes associated with Google Inc. (e.g.
- An attacker sends a deauthentication packet to force the device to disconnect from the network and enter setup mode.
- An attacker connects to a device’s setup network and requests its device information.
- The attacker connects to the Internet and uses the captured device information to link his account to the victim’s device.
- Attackers can now spy on victims via Google Home over the internet (no need to be near the device).
According to Kunze, malicious hackers who linked their accounts to targeted Google Home devices could now execute commands remotely. For example, controlling smart his switches, making online purchases, remotely unlocking doors and vehicles, brute-forcing the user’s her PIN to unlock smart locks, and more. .
Kunze is the Google Home speaker’s “call
Thankfully, Kunze responsibly disclosed the vulnerability to Google, preventing further exploitation of the security flaw. Google said he fixed the security hole in April 2021, but details have not yet been made public.
Of course, this meant millions of people bought vulnerable Google Home smart speakers for years.
Voice-activated devices have proven vulnerable to covert snooping in the past due to vulnerabilities, and it would be a brave man to bet that it won’t happen again. Their widespread adoption has made smart speakers a potential headache for those who prioritize privacy and security over convenience.