Hack raises security questions over Google smart speakers

/in


It’s always there. Always listening.

Having a device like Google Home inside our house is pretty standard these days. From setting alarms to playing our favourite song using a simple voice command, the technology certainly comes in handy.

But have you ever felt uneasy about those always-active microphones?

Can we be sure our privacy is not being compromised?

IT professional and security researcher Matt Kunze was  messing around with Google Home one day when he made a concerning discovery.

In his blog, Kunze says “I noticed how easy it was to add new users to the device from the Google Home app. I also noticed that linking your account to the device gives you a surprising amount of control over it.”

Kunze was determined to find out if it was possible for an attacker to link their own Google account to someone’s Google Home and execute commands remotely on someone else’s network.

The result? Kunze, alarmingly, was able to turn his Google Home Mini into what could basically be described as a listening device.

Kunze says he was recently rewarded a total of $107,500 by Google for responsibly disclosing security issues in the Google Home smart speaker that allowed an attacker within wireless proximity to install a ‘backdoor’ account on the device, enabling them to send commands to it remotely over the internet,  access its microphone feed, and make arbitrary HTTP requests.

Using tools like man-in-the-middle proxy (mitmproxy) enabled Kunze to observe traffic between the Google Home application on a smartphone and the Google Home device.

From there, he discovered that a Google account could be linked to the device by sourcing its information via a local API, and then sending a request to Google’s servers with information to link it.

Kunze wrote a Python script that takes Google credentials and an IP address and then links the Google account to the device at the given IP address.

Kunze then tried to think from the perspective of an attacker.

“Just how much control over the device does a linked account gives you, and what are some potential attack scenarios? I first targeted the routines feature, which allows you to execute voice commands on the device remotely. Doing some more…

Source…