Google Home smart speakers apparently suffered from a bug that could allow hackers to install a backdoor account, which could then be used to remotely control the device, access its microphone feed, and listen to users’ conversations.

Matt Kunze, the researcher who discovered the issue, was rewarded USD 107,500 in 2021 for reporting it to Google. The researcher has now released the technical details of the flaw and how hackers could take advantage of it.

Kunze said that the new, unauthorized accounts added via the Google Home app could transmit commands remotely to the device via the cloud API.

The researcher summarized the whole process of the attack:

  1. The hacker wants to spy on the victim and is within wireless proximity of the Google Home speaker, but does not have the owner’s WiFi password.
  2. The hacker discovers the user’s Google Home by listening for MAC addresses with prefixes linked to Google Inc.
  3. The hacker sends deauth packets to disconnect the Google Home device from its WiFi network and have it re-enter the setup mode.
  4. The hacker connects to the device’s setup network and asks for its device info which includes the name, cert, and cloud ID.
  5. The hacker connects to the internet and uses the hacked device’s information to link their account to the user’s device.
  6. The hacker can now snoop on the victim using their Google Home via the internet.
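
From the defender's side, steps 3 and 4 leave a visible trace: a burst of deauthentication frames aimed at a speaker, followed shortly by that speaker advertising its setup network. The sketch below is an added example, not code from the researcher or from Google. The event format, the thresholds and the MAC addresses are assumptions constructed for illustration, standing in for whatever a wireless sensor actually reports.

```python
from collections import deque

# Constructed sample events from a hypothetical wireless sensor:
# (seconds, kind, device MAC). "deauth" = deauthentication frame addressed
# to the device; "setup_beacon" = device seen advertising its setup network.
SAMPLE_EVENTS = (
    [(t, "deauth", "02:00:00:00:00:01") for t in range(100, 106)]    # burst
    + [(130, "setup_beacon", "02:00:00:00:00:01")]                   # then setup mode
    + [(200, "deauth", "02:00:00:00:00:02"),                         # single frame only
       (210, "setup_beacon", "02:00:00:00:00:02")]                   # owner reset, no burst
    + [(t, "deauth", "02:00:00:00:00:03") for t in range(300, 305)]  # burst
    + [(900, "setup_beacon", "02:00:00:00:00:03")]                   # far too late to correlate
    + [(t, "deauth", "02:00:00:00:00:99") for t in range(400, 410)]  # not an inventoried device
)

# Constructed inventory of speakers the defender cares about.
MONITORED = {
    "02:00:00:00:00:01": "kitchen speaker",
    "02:00:00:00:00:02": "office speaker",
    "02:00:00:00:00:03": "hallway speaker",
}

def find_forced_setup(events, monitored, burst=5, window=10, follow_up=120):
    """Alert when a monitored device gets >= `burst` deauth frames within
    `window` seconds and enters setup mode within `follow_up` seconds."""
    recent = {}    # mac -> timestamps of deauth frames still inside the window
    burst_at = {}  # mac -> time the most recent burst was observed
    alerts = []
    for ts, kind, mac in sorted(events):
        if mac not in monitored:
            continue
        if kind == "deauth":
            frames = recent.setdefault(mac, deque())
            frames.append(ts)
            while ts - frames[0] > window:   # drop frames older than the window
                frames.popleft()
            if len(frames) >= burst:
                burst_at[mac] = ts
        elif kind == "setup_beacon":
            start = burst_at.pop(mac, None)
            if start is not None and ts - start <= follow_up:
                alerts.append({"device": monitored[mac], "mac": mac,
                               "burst_time": start, "setup_time": ts})
    return alerts

if __name__ == "__main__":
    for alert in find_forced_setup(SAMPLE_EVENTS, MONITORED):
        print(alert)
```

An alert from this correlation is a cue to check which accounts are linked to the speaker in the Google Home app, since the linked account is what persists after the device rejoins its network.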

Kunze first discovered the issue in January 2021, sent more details to Google in March, and by April 2021, Google had fixed all the issues.

Via: Bleeping Computer


