Contents:
A vulnerability in Google Home speakers could have allowed threat actors to remotely listen in on user conversations. The issue was reported to Google by security researcher Matt Kunze, who won a bug bounty of $107,500.
According to Kunze’s technical summary of the flaw, an attacker within wireless proximity might potentially install a ‘backdoor’ account on the device. Once installed, threat actors could send commands to the speaker remotely over the Internet, access its microphone feed, and make arbitrary HTTP requests within the victim’s network.
Additionally, an attacker could access the victim’s Wi-Fi password and access other devices on the same network.
Kunze discovered the issue while investigating whether it was easy to add new users to the Google Home app. By linking an account to the device, Kunze was able to gain a lot of control over it. For example, a new account could send commands directly to the device using the cloud API.
The Attacker Could Gain Control via a Malicious App
To snoop on victims’ conversations, an attacker would have to trick them into installing a malicious Android app, which would connect the attacker’s account to the device. If the attacker completes all the steps in this scenario, they would be able to adjust the devices’ volume, call a specific phone number, and listen in on the victim using the microphone on the Google Home speaker, explains Cybernews.
According to the researcher, the only giveaway would be a blue LED on the device that “turns solid blue” when the speaker is on and the victim would assume the device is doing an update or performing some unimportant task.
The attack scenario and technical summary of the vulnerability are available on Matt Kunze’s blog here.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.