One of our biggest fears when using the internet is that someone could access our private information or listen to everything that we’re saying. Recently Mark Kunze, a security researcher, discovered that your Google Home speakers could be posing such a threat by acting as a bug.
Kunze’s discovery got him a sum of $107 500 from Google. Stay with us and discover what this technical issue could mean for the security of your internet and Google Home speaker. According to his technical summary, an attacker can install a ‘backdoor account’ on your Google Home speaker as long as they’re within wireless proximity.
While Kunze was doing his research using his mini Google Home speaker, he discovered the following:
- If a backdoor account is installed, it can be used to control your device by sending remote commands. This means your device can be turned into a spying device by accessing its microphone feed.
- A snooper could also access a victim’s Wi-Fi password and other devices on the same network. With the victim’s device, the attacker could call a specific phone number and mess with the device’s volume.
- Using an Nmap scan, Kunze found the port for the local HTTP API of Google Home. This helped him set up a proxy to capture encrypted HTTPS traffic in the hope of snatching the authorization token.
Kunze says the only thing that alerts the victim is the LED on the device, which turns solid blue when the speaker is on a call. If the victim isn’t familiar with this, they are likely to think the device is updating or performing another important task.
The good news is that there is no evidence of this security loophole being misused by anyone, all thanks to Kunze and his amazing research skills. He also has a detailed report on the research work done if you need to know more.