Google Home Speakers Security Loophole Allows Hackers to Snoop on Private Conversations

Recent revelations revealed that Google Home speakers contained a security flaw. hackers It is possible to listen in on conversations.

Reports indicate that hackers were able to exploit a bug to install a backdoor account onto a Google Home smart speaker device. They could then use the remote control to spy on owners. Bleeping Computer.

Security researcher Matt Kunze was recently rewarded Google provided $107,500 for his discovery of the security issue in January 2021. While experimenting with his Google Home mini speaker, he also received $107,500 from Google.

Kunze notified Google in March 2021 and later published the technical details about his findings, along with a potential attack scenario, which explained how the flaw could be exploited by an outside actor.

After setting up a new account through the Google Home app, he found a flaw that allowed commands from remote locations (cloud API).

Google Home, a line of smart speakers, was launched in 2016 to great fanfare. It allows users to speak commands and interact with Google Assistant services using voice commands.

Hackers can access Smart Speakers and Appliances through a grave loophole

Kunze noted that if a hacker got within wireless proximity of a speaker device, even without access to the Wi-Fi network that it was connected to, they could discover a user’s Google Home system.

After a user account is created, an actor could then access the user’s setup mode, install a different Google account, and then re-connect it to that unsuspecting person’s Wi-Fi network.

Once a hacker managed to connect their own account to the Google Home speaker, they would have access to the smart devices in the victim’s home by initiating a phone call via the speaker, giving them the ability to hijack appliances, set up scheduled routines, and play music.

Meanwhile, many users were unaware of the smart speaker’s blue light alert that lights up when a phone was activated, assuming that the speaker was updating or was busy.

Google Update: Security Bug Fixed

Google has now made it impossible to add accounts remotely to the Google Home speaker. A patch included an invite-based system to manage account links. This was to block any attempts to add individuals to Home.

The phone call security system was also improved to protect against remote initiation of the routine system.

Google’s smart displays now have an improved setup network that requires a QR code to log in, allowing it to be protected with WPA2, meaning that a hacker would need physical access to a device to connect their account.

Kunze claimed that Google Nest devices and Home devices are, for most, quite secure. They don’t have many attack vectors. The vulnerabilities he discovered were subtle.

Apart from phone call privacy, he stated that an attacker could change the basic settings of a user.

The Epoch Times reached Google for comment.

Bryan S. Jung, a New York City native and resident, has a background in politics as well as the legal industry. He graduated from Binghamton University.