Security flaw in Google Home speakers
Specifically, it is a flaw in Google Home speakers that allowed an attacker to install a backdoor that could be used for eavesdropping. The attacker could remotely control the device and access the microphone, listen to conversations and, as a result, compromise the victim's privacy.
But how was this problem detected? It was found through a rewards program for detecting vulnerabilities, and Google offered a financial sum for it. Security researcher Matt Kunze made the discovery and later published the technical details, including how the problem could be exploited.
The researcher started experimenting with a Google Home speaker. He discovered that new accounts added via the Google Home app could remotely send commands to it via the cloud API. He was able to capture the traffic, and he could send a link request to the Google server and initiate the link.
He uploaded to GitHub the full report on how he managed to exploit this bug. In it, he shows how it is possible to spy on a victim over the Internet using a Google Home speaker.
What an attacker can do through the Google Home speaker
Having an unauthorized account linked to a Google Home speaker can be a major problem. It allows an attacker to control smart plugs, make online purchases, or even access smart locks that may be linked.
Added to all this is the possibility of activating the microphone at a given moment. This is done by placing a call to a phone controlled by the attacker. The attacker then listens to that call and hears everything picked up by the Google Home speaker's microphone on the other end. It is a way to spy on the victim.
But wouldn't the victim notice anything if someone were listening? The only thing they would see is the blue LED lit up. That indicates a call is in progress, but it can be mistaken for a firmware update.
An attacker could even play audio on the speaker. They could also force it to pair with other devices, whether over Bluetooth or Wi-Fi, and make it forget linked wireless networks.
How can you avoid being spied on like this if you have a Google Home speaker? The solution is very simple: make sure the firmware is up to date. Not surprisingly, once the security researcher informed Google, the company got to work and released patches to fix the problem. If you have the latest versions, you need not fear this vulnerability.