A flaw in Google Home smart speakers could have enabled threat actors to remotely access the devices’ microphone feed and listen in on user conversation.
Security researcher Matt Kunze reported the issue to Google and was awarded a bug bounty of $107,500. According to the technical summary of the issue, an attacker could install a ‘backdoor’ account on the device within wireless proximity.
This would enable threat actors to send commands to the speaker remotely over the Internet, access its microphone feed, and make arbitrary HTTP requests within the victim’s LAN.
Moreover, an attacker could potentially access the victim’s Wi-Fi password and access other devices on the same network.
According to the researcher, he discovered the issue while investigating whether it was easy to add new users to the device from the Google Home app.
Kunze found out that linking an account to the device provides a lot of control over it. For example, a new account could send commands directly to the device via the cloud API.
An attacker wishing to snoop on victims’ conversation would have to trick the victim into installing a malicious Android app, which would allow linking the attacker’s account with the targeted device.
Completing the attack scenario Kunz detailed in his blog enabled the attacker to mess with devices’ volume, call a specific phone number, and listen in on the victim using the microphone in Google Home speaker.
The victim would be completely oblivious to the hack. According to the researcher, the only giveaway would be a blue LED on the device that “turns solid blue” when the speaker is on call.
However, Kunz says, the victim would likely think the device is updating or doing some other mundane task.
Your email address will not be published. Required fields are markedmarked