Google smart speaker can be used by attacker to listen in to your private convos

By Scott Marlette Last updated Jan 3, 2023

Imagine if someone was listening in to conversations taking place in your home. You certainly would feel vulnerable. A researcher named Matt Kunze discovered that hackers can be spying on you and your family via a Google Home smart speaker. According to BleepingComputer (via AndroidCentral), Kunze was messing around with a Nest Mini when he discovered that a rogue or “backdoor” account could be created using the Google Home app. That account could then be used to control the smart speaker giving a bad actor access to the microphone feed and other features of the device remotely.

Kunze received $107,500 from Google for discovering this vulnerability which turned the Google Nest Mini from a smart speaker into a device able to snoop on the user’s conversations and more. The rogue account can be used to control the smart speaker by sending it commands remotely via the cloud API (application programming interface). The API allows two or more computer programs to communicate.

The information needed to hack the Nest Mini would include the name of the device, the certificate, and the Cloud ID. With this info, the hacker can send a request to Google’s server requesting a link to the smart speaker allowing the device to be used to make online transactions, control smart appliances, unlock the front door, and more. The hacker could also have the speaker call his phone allowing him to listen in to a conversation taking place around the home using the speaker’s microphone.

The researcher was able to make this happen by creating a malicious routine that included the “call [phone number]” command. This activated the microphone at a specified time, calling the attacker’s phone (as we mentioned in the above paragraph) allowing him to listen in via the microphone on the smart speaker. Kunze recorded a video showing how the Nest Mini’s microphone can send conversations to a smartphone, which in this case would be in the possession of the bad actor.

The malicious setting which allows the smart speaker to capture audio from the speaker’s microphone

The issue was discovered by Kunze in January 2021 and Google fixed it in April 2021. Anyone running the latest firmware should not be concerned with this issue.

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.