Wire-tapping Google Nest speakers to spy on owners (patched in 2021)

Ink

A bug in the Google Home smart speaker allowed installing a backdoor account that could be used to control it remotely and to turn it into a snooping device by accessing the microphone feed.

Researcher Matt Kunze discovered the issue and received $107,500 for responsibly reporting it to Google last year. Earlier this week, the researcher published technical details about the finding and an attack scenario to show how the flaw could be leveraged.
Kunze discovered the issues in January 2021 and sent additional details and PoCs in March 2021. Google fixed all problems in April 2021.

The patch includes a new invite-based system to handle account links, which blocks any attempts not added on Home.

Read full publication:

Google Home’s architecture is based on Chromecast. Chromecast doesn’t place much emphasis on security against proximity-based attacks because it’s mostly unnecessary. What’s the worst that could happen if someone hacks your Chromecast? Maybe they could play obscene videos? However, the Google Home is a much more security-critical device, due to the fact that it has control over your other smart home devices, and a microphone. If the Google Home architecture had been built from scratch, I imagine that these issues would have never existed.

Ever since the first Google Home device released in November 2016, Google continued to add more and more features to the device’s cloud APIs as time went on, like scheduled routines (July 2018) and the Local Home SDK (April 2020). I’m guessing that the engineers behind these features were under the assumption that the account linking process was secure.

Many other security researchers had already given the Google Home a look before me, but somehow it appears that none of them noticed these seemingly glaring issues. I guess they were mainly focused on the endpoints that the local API exposed and what an attacker could do with those.
 
