Google Home smart speakers can be hacked and hackers can listen to your conversations / Digital Information World

Google Home smart speakers can be hacked and hackers can listen to your conversations / Digital Information World

Security researcher Matt Kunze discovered that hackers could plant a bug in a Google Home speaker and listen to all the conversations using the microphone feature. For this discovery, he was awarded $107,500 by Google.

The researcher discovered while experimenting with the Google Home speaker that new accounts registered using the Google Home app could remotely control it via the cloud API.

The researcher says the attacker needs to be in wireless proximity to a Google Home speaker, but doesn’t want the Wi-Fi password of the user he’s trying to spy on. He can get to know the victim’s Google Home speaker by scanning MAC addresses related to Google Inc.

The attacker then disconnects the device from the network and causes it to enter setup mode. After that, the attacker connects to the setup network of the device and then collects information about the device. The attacker then connects to the internet to link his account to the speaker and can spy on the victim using the speaker.

It was mentioned that this attack will not be successful if you are using the latest firmware version.

If a hacker’s fake account is connected to a Google Home speaker, it can perform various actions to harm the user’s privacy and security, such as making online purchases, controlling smart switches, remotely locking doors and vehicles, and infiltrating the victim’s PIN code for smart locks.

The hackers could automatically put a microphone in the speaker to start a conversation with the hacker’s phone number. This will allow the hacker to listen to and spy on the victim’s conversations. The only way to notice that the call is taking place is by checking the device for a blue LED light, but the victim may mistake this for the device updating its firmware.

See also  09 | November | 2022

Also, the hacker can play different media to creep out the victim, force the speaker to restart itself, rename the speaker, make it forget its Wi-Fi networks, and establish new Wi-Fi or Bluetooth connections.

This issue was discovered by researcher Kunz in January 2021, and all issues were resolved by April 2021 by Google. In the update, there is an invite-based mechanic that handles all account linking that stops any external interference except for those linked to Home.

However, the call also received new protection, so that it cannot be switched on remotely and requires authorization.

Read next: Minecraft secures top spot for Gen Z’s most popular video game in 2022

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *