A security researcher has won a $107,500 bug bounty after discovering how hackers installed a backdoor on Google Home devices to take control of the microphone and covertly spy on the owner’s conversations.

Vulnerability hunter Matt Kunze first reported the issue to Google in early 2021. Because in his own experiments with his Google Home smart speaker, he found it easy to add new users via the Google Home app.

Kunze discovered that connected users can remotely send commands to paired Google Home devices via cloud APIs.

and technical blog postKunze described a possible attack scenario:

  1. Attackers are trying to spy on victims. An attacker can wirelessly get in close to her Google Home (but doesn’t know the victim’s Wi-Fi password).
  2. Attackers discover victims’ Google Homes by listening for MAC addresses with prefixes associated with Google Inc. (e.g. E4:F0:42).
  3. An attacker sends a deauthentication packet to force the device to disconnect from the network and enter setup mode.
  4. An attacker connects to a device’s setup network and requests its device information.
  5. The attacker connects to the Internet and uses the captured device information to link his account to the victim’s device.
  6. Attackers can now spy on victims via Google Home over the internet (no need to be near the device).

According to Kunze, malicious hackers who linked their accounts to targeted Google Home devices could now execute commands remotely. For example, controlling smart his switches, making online purchases, remotely unlocking doors and vehicles, brute-forcing the user’s her PIN to unlock smart locks, and more. .

Kunze is the Google Home speaker’s “call โ€ command, effectively sending all information picked up by the microphone to a phone number of the hackerโ€™s choosing.

Thankfully, Kunze responsibly disclosed the vulnerability to Google, preventing further exploitation of the security flaw. Google said he fixed the security hole in April 2021, but details have not yet been made public.

Of course, this meant millions of people bought vulnerable Google Home smart speakers for years.

Voice-activated devices have proven vulnerable to covert snooping in the past due to vulnerabilities, and it would be a brave man to bet that it won’t happen again. Their widespread adoption has made smart speakers a potential headache for those who prioritize privacy and security over convenience.

cropped-BTA_Logo-B-1-scaled-1
YOUR FUTURE STARTS HERE.

BLUE TRAINING ACADEMY

Register now for our membership to gain access to our elite training program and fast forward your career today!

Newsletter

Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

cropped-BTA_Logo-B-1-scaled-1
Security Blog

Blue Training Academy

Blue Training Academy was developed in 2018 as a educational and training facility for continuing education and certification courses. Blue Training Academy is an educational institution that allows for all sectors of the public and Criminal Justice field to gain ongoing training and education.

Copyright ยฉ๏ธ All rights reserved. | Blue Training Academy Blog