Google Home Speaker Hack: After being notified by security researcher Matt Kunze, Google offered him a bug bounty of $107,500. A technical summary of the problem indicates that an attacker in close wifi range could exploit this to gain access to the device and establish a “backdoor” account.
This would allow attackers to issue orders to the speaker via the Internet, listen in on its audio feed, and issue arbitrary HTTP requests from within the victim’s local area network. Furthermore, a potential attacker may obtain the victim’s Wi-Fi password and use it to compromise other devices on the same network.
The researcher claims he uncovered the flaw while looking into how simple it would be to add new users via the Google Home app. Kunze discovered that by connecting an account to the gadget, he had extensive management over it.
A new user account, for instance, may issue commands to the gadget straight away through the cloud API. Snooping on victims’ conversations requires the attacker to first link their account with the victim’s device, which can be done by tricking the victim into installing a malicious Android app.
Suppose an attacker followed the attack scenario Kunz described on his blog. Using the Google Home speaker’s microphone, they could change the volume, dial a specific number, and eavesdrop on the victim.
The hack would go unnoticed by the victim. The researcher claims that the only visible indicator that the speaker is currently on a call is a blue LED on the device that “turns solid blue.”
Kunz argues that the victim would assume the device is doing an update or other innocuous action. If you think this is interesting, please share it with your friends. For more updates and the latest news regarding celebrities, Visit Lighthousejournal.org.
For almost 4 years, Jason Martin has been a freelance writer for newspapers, journals, blogs, books, and online material. He covers the most recent news as well as many other topics.