Google Home speakers could have been hijacked to spy on your conversations

Experts uncover Google Home flaw that could have affected user privacy

Some Google Home smart speakers could have been hijacked to control the device remotely, and even listen in on people’s private conversations, a security expert has claimed.

The bug was discovered by cybersecurity researcher Matt Kunze, who received $107,500 in bounty rewards for responsibly reporting it to Google.

Kunze, who was investigating his own personal Google Home mini speaker for possible issues, explained in a blog post how he found a way to add another Google account to the device, which would be enough to be able to eavesdrop on people.

Adding rogue accounts

First, the attacker needs to be within wireless proximity of the device and listen for MAC addresses with prefixes associated with Google.

After that, they can send deauth packets to disconnect the device from the network and trigger setup mode. In setup mode, they request device info and use that information to link their account to the device and - voila! - they can now spy on the device owners over the internet, and can move away from the WiFi.

But the risk is bigger than “just” listening to people’s conversations. Many smart home speaker users connect their devices with various other smart devices, such as door locks and smart switches. Furthermore, the researcher found a way to abuse the “call phone number” command, and have the device call the attacker at a specified time and feed live audio.

The bug was discovered in early 2021 and patched up by April 2022, with Google addressing the issue by creating a new invite-based system for account linking, blocking any accounts not added on Home.

That being said, to make sure there is no risk, Google Home users are advised to update the endpoint’s firmware to the latest version as soon as possible.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
