December 30, 2022 | Ravie Lakshmanan | Bug Bounty / Privacy

A security researcher was awarded a $107,500 bug bounty for identifying a security issue in Google Home smart speakers that could be exploited to install a backdoor and turn it into a wiretapping device.

This vulnerability allows an “attacker to install a ‘backdoor’ account on a device in close proximity to the radio and remotely send commands over the Internet, access the microphone feed, and perform arbitrary actions within the victim’s LAN,” the researcher, who goes by the name Matt, disclosed in a technical article published this week.

Making such a malicious request not only exposes the Wi-Fi password, but also gives the attacker direct access to other devices connected to the same network. The issue was fixed by Google in April 2021, following a responsible disclosure on January 8, 2021.

In a nutshell, the issue has to do with how the Google Home software architecture can be leveraged to add a rogue Google user account to a targeted home automation device.


In the attack chain detailed by the researcher, an attacker who wishes to eavesdrop on a victim tricks the individual into installing a malicious Android app. When the app detects a Google Home device on the network, it issues a stealthy HTTP request to link the attacker’s account to the victim’s device.

Taking things up a notch, a Wi-Fi deauthentication attack can force a Google Home device to disconnect from the network, which puts the appliance into “setup mode” and makes it create its own open Wi-Fi network.

The attacker then connects to the device’s setup network and requests details such as the device name, cloud_device_id, and certificate, which are used to link the attacker’s account to the device.


Regardless of the attack sequence employed, a successful linking process enables the adversary to take advantage of Google Home routines to turn the volume down to zero and call a specific phone number at any point in time, spying on the victim through the device’s microphone.


“The only thing the victim will notice is that the LED on the device will turn blue, but they will probably think they are updating the firmware or something,” said Matt. “During a call, the LED doesn’t flash like it normally does when the device is listening, so there’s no indication that the mic is open.”

Additionally, the attack can be extended to make arbitrary HTTP requests within the victim’s network, read files, and even introduce malicious changes to linked devices that are applied after a reboot.

This isn’t the first time such attack methods have been devised to covertly snoop on potential targets via voice-activated devices.

In November 2019, a group of academics disclosed a technique called Light Commands, which refers to a vulnerability in MEMS microphones that allows an attacker to use light to remotely inject inaudible or invisible commands into popular voice assistants such as Google Assistant, Amazon Alexa, Facebook Portal, and Apple Siri.
