HQ/EMEAFind out how we can help your business
Recent research revealed that a critical bug in Google Home Smart speakers could enable a potential hacker to take over the smart device and spy on its users indoors.
The critical flaw was identified by a security researcher and revealed findings after studying the vulnerability. According to the researcher’s investigation, the flaw could allow the installation of backdoors and change Google Home Smart speakers into eavesdropping devices.
Fortunately, Google patched the issue in April 2021 after the responsible hacker disclosed the flaw in January of the same year. Moreover, the researcher has also developed a Proof-of-Concept for Google.
The Google Home vulnerability could also provide numerous abilities for an attacker.
Based on reports, the bug could allow an intruding adversary to install a backdoor account on an infected device, deploy remote commands, access the mic, and start arbitrary HTTP requests.
The actors could execute these malicious features if they are within the target’s LAN range since they could make a malicious request to expose the WiFi password. Hence, the attackers could obtain direct access to all devices linked to the network.
The researcher discovered that the problem was caused by the software architecture utilised in Google Home devices as it allows an attacker to add a rouge Google user account to the target’s home devices.
Furthermore, an adversary could trick a target into installing a compromised Android app to make the attack more efficient. Subsequently, it could spot a Google Home automation device connected to the network and elusively start requesting HTTP requests to link the threat actors’ account to the target’s device.
In addition, an attacker could initiate various functions, such as turning the speaker’s volume to zero and making calls to any phone number aside from eavesdropping on the victim through the mic.
The victim will not suspect any malicious movement since the device’s LED turns blue during the attack. The LED light on the Google Home Speaker indicates that the firmware has an update.
The researcher received more than a hundred thousand dollars after reporting the vulnerability to Google.
