Tag Archive for: speakers

Hack raises security questions over Google smart speakers


It’s always there. Always listening.

Having a device like Google Home inside our house is pretty standard these days. From setting alarms to playing our favourite song using a simple voice command, the technology certainly comes in handy.

But have you ever felt uneasy about those always-active microphones?

Can we be sure our privacy is not being compromised?

IT professional and security researcher Matt Kunze was messing around with Google Home one day when he made a concerning discovery.

In his blog, Kunze says “I noticed how easy it was to add new users to the device from the Google Home app. I also noticed that linking your account to the device gives you a surprising amount of control over it.”

Kunze was determined to find out if it was possible for an attacker to link their own Google account to someone’s Google Home and execute commands remotely on someone else’s network.

The result? Kunze, alarmingly, was able to turn his Google Home Mini into what could basically be described as a listening device.

Kunze says he was recently rewarded a total of $107,500 by Google for responsibly disclosing security issues in the Google Home smart speaker that allowed an attacker within wireless proximity to install a ‘backdoor’ account on the device, enabling them to send commands to it remotely over the internet, access its microphone feed, and make arbitrary HTTP requests.

Tools such as mitmproxy, a man-in-the-middle proxy, enabled Kunze to observe traffic between the Google Home application on a smartphone and the Google Home device.

From there, he discovered that a Google account could be linked to the device by sourcing its information via a local API, and then sending a request to Google’s servers with information to link it.

Kunze wrote a Python script that takes Google credentials and an IP address and then links the Google account to the device at the given IP address.

Kunze then tried to think from the perspective of an attacker.

“Just how much control over the device does a linked account give you, and what are some potential attack scenarios? I first targeted the routines feature, which allows you to execute voice commands on the device remotely. Doing some more…


Google Home speakers were at risk of eavesdropping hackers


A security researcher recently revealed that Google Home speakers were susceptible to eavesdropping hackers in close proximity, reports Bleeping Computer.

Now, before you tell everyone on your contact list to unplug their devices, Google patched the issue and fixed the speaker’s vulnerability.

Alright, now some background. Security researcher Matt Kunze noticed a loophole allowing any clever hacker to install a “backdoor” account on your smart speaker.

More importantly, Kunze found that bad actors could potentially remotely send commands to the device, listen in on your every word, and even snoop on your other smart devices.

Kunze shows how he remotely listened in on a Google Home speaker

Here’s a quick video Kunze uploaded to YouTube showing how he can remotely tap into the device, eavesdrop, and record a conversation.

Before the fix, all an attacker had to do was be within wireless range, and boom – they had full access to your life.

And as if that wasn’t bad enough, they could potentially expose your Wi-Fi password or gain access to other devices.

Thankfully, the issue is now patched. Kunze brought this to Google’s attention, and the company rewarded him with $107,500 for responsibly disclosing the vulnerability.

Don’t panic – there’s no cause for concern

Now, before you go running for the hills (or at least unplugging all your gadgets), it’s worth noting that these types of vulnerabilities are rare.

In fact, Kunze states that Nest and Home devices are secure for the most part and don’t have many weaknesses for attackers to exploit.

So, you can probably keep your smart speaker plugged in without worrying, at least for now. To learn more, check out Kunze’s blog detailing everything in his research.


Security researchers show how to eavesdrop on mobile phone calls by measuring the ear speaker’s tiny vibrations


While it’s possible that malware on your smartphone could record your calls, it’s an increasingly difficult technical proposition. Instead, researchers from Texas A&M University and colleagues have demonstrated that it’s possible to eavesdrop on phone calls by measuring the tiny vibrations of the ear speaker using a phone’s built-in accelerometers and then decoding that data remotely to determine what was said. They call the method EarSpy. From Security Week:

They conducted tests on the OnePlus 7T and the OnePlus 9 smartphones — both running Android — and found that significantly more data can be captured by the accelerometer from the ear speaker due to the stereo speakers present in these newer models compared to the older model OnePlus phones, which did not have stereo speakers.

The experiments conducted by the academic researchers analyzed the reverberation effect of ear speakers on the accelerometer by extracting time-frequency domain features and spectrograms. The analysis focused on gender recognition, speaker recognition, and speech recognition[…]

When it comes to actual speech, the accuracy was up to 56% for capturing digits spoken in a phone call.

EarSpy: Spying Caller Speech and Identity through Tiny Vibrations of Smartphone Ear Speakers (arXiv)


The Linux Foundation Announces Keynote Speakers for Open Source Summit Japan + Automotive Linux Summit 2021


SAN FRANCISCO, Nov. 11, 2021 /PRNewswire/ — The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the keynote speakers for Open Source Summit Japan + Automotive Linux Summit 2021, taking place virtually December 14-15. One registration pass includes access to both events. The keynote speakers can be viewed here and the full schedule can be viewed here.

Open Source Summit Japan provides a forum for developers, architects and other technologists – as well as open source community and industry leaders – to learn how to gain a competitive advantage by using innovative, open solutions and to collaborate for the advancement of the world’s largest shared technologies. Automotive Linux Summit connects the developer community driving the innovation in this area together with the vendors and users providing and using the code in order to drive the future of embedded devices in the automotive arena.

Keynote speakers include:

  • Josh Aas, Executive Director of the Internet Security Research Group speaking on Prossimo and Let’s Encrypt
  • Brian Behlendorf, General Manager of the Open Source Security Foundation discussing efforts to secure open source software
  • Dan Cauchy, Executive Director of Automotive Grade Linux sharing on the state of open source and automotive
  • Dr. Ibrahim Haddad, Executive Director of LF AI + Data Foundation sharing on new projects and updates
  • Dr. Audrey Lee, Senior Director, Energy Strategy at Microsoft, and LF Energy Board Member, sharing how open source can help decarbonize power systems
  • Miguel Ojeda, Software Engineer and Rust for Linux Maintainer sharing updates
  • Kate Stewart, Vice President of Dependable Embedded Systems, The Linux Foundation sharing on SPDX and SBOMs
  • Jim Zemlin, Executive Director, The Linux Foundation discussing the state of open source and sharing on the latest Linux Foundation initiatives

Registration is US$50 and one registration pass provides access to both events. The events will be held in the Japan Standard Time Zone (UTC+09:00) and will be virtual, so all you will need is a computer and an internet connection.

Members of The Linux Foundation receive a 20 percent…
