Arabic Arabic Chinese (Simplified) Chinese (Simplified) Dutch Dutch English English French French German German Italian Italian Portuguese Portuguese Russian Russian Spanish Spanish
| (844) 627-8267

Google Home speakers were vulnerable to eavesdropping hackers | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

A security researcher disclosed the issue to Google, and it’s now fixed

No matter which great smart speaker you pick for your home, the premise is always the same: You need to trust the company behind it with your voice recordings and other peripheral sounds of your home. But whenever computers are involved, vulnerabilities exist and can be exploited. This is the case for Google Home smart speakers, too. A researcher spotted a way to eavesdrop on Google smart speakers in proximity.


Security researcher Matt Kunze noticed that setting up a Google Home speaker with a Google account was pretty easy, all while bringing a ton of powerful tools to the account owner (via Bleeping Computer). Once an account is set up, it’s possible to control smart home devices, create and start routines, and even make phone calls.

Kunze was interested to see if it was easy to connect a new Google account to a Google Home speaker. With physical proximity to the speaker, that turned out to be an easy task—even without access to the Wi-Fi network that the speaker is connected to. It’s done by remotely putting the Google Home into its setup mode and then injecting a different Google account, and then re-connecting it to the victim’s Wi-Fi network.

Once a hacker manages to connect their account to the Google Home speaker, they get access to the smart devices in the victim’s home. The bad actor could operate switches, play music, turn on and off appliances, and more. A hacker can also initiate a phone call via the smart home speaker, making it possible to record everything happening in the victim’s home. While in a phone call, the smart speaker’s lights turn blue, but if the victim is someone who doesn’t use this feature or isn’t well versed with Google Home’s options, they might just assume the speaker is updating or otherwise busy.

Kunze disclosed the issue to Google in March 2021 after first discovering the problem in January 2021. Google has since paid out a little over $100,000 for the report and fixed the issue. It is no longer possible to add an account to a Google Home speaker remotely, even if it’s still possible to remotely activate the setup mode. Phone calls as made in the video are also no longer possible, as you can’t make them part of routines anymore.

Meanwhile, Google’s excellent smart displays offer a more protected setup thanks to their ability to show a QR code when you set them up. That way, their setup network can be protected with WPA2, which means an attacker would need physical access to the device itself to connect their account to it.

Despite the hack, the security researcher affirms that Nest and Home devices are extraordinarily secure for the most part and don’t offer a lot of attack vectors. He says that the vulnerabilities he discovered were pretty subtle, and that usually the most an attacker could do is change some basic settings.


Click Here For The Original Story From This Source.

National Cyber Security