
Google Home smart speakers, which claim to automate the house for safety and convenience, may not be as safe as we thought.

A security researcher, Matt Kunze, published a write-up two days before the new year disclosing that Google smart home speakers could be used to breach any home. A compromised speaker can serve as a wiretapping device on which backdoors can be installed.

MEMS microphones have already shown themselves to be unreliable. In November 2019, a team of researchers also learned of a method known as Light Commands, which enables attackers to use light to insert inaudible and unseen commands into well-known voice assistants, including Google Assistant, Amazon Alexa, Facebook Portal, and Apple Siri.

The flaws “allowed an attacker within wireless proximity to install a ‘backdoor’ account on the device, enabling them to send commands to it remotely over the internet, access its microphone feed, and make arbitrary HTTP requests within the victim’s LAN,” mentioned Kunze.

Other devices connected to the hub can also be compromised, along with the Wi-Fi password. The problem is that a malicious Google user account may be added to a target’s home automation system by exploiting the Google Home software architecture.

No matter the attack sequence used, once the connection succeeds the attacker can take advantage of Google Home features to turn the device's volume down to zero and call a pre-set phone number whenever they wish to listen in on the victim through the microphone.

“The only thing the victim may notice is that the device’s LEDs turn solid blue, but they’d probably just assume it’s updating the firmware or something.

“During a call, the LEDs do not pulse like they normally do when the device is listening, so there is no indication that the microphone is open,” Kunze emphasised. 

Kunze received a bug bounty of $107,500 for discovering this loophole in Google speakers.
