1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Google Home speakers could have been hijacked to spy on your conv

    From TechnologyDaily@1337:1/100 to All on Fri Dec 30 11:15:03 2022
    Google Home speakers could have been hijacked to spy on your conversations

    Date:
    Fri, 30 Dec 2022 11:01:38 +0000

    Description:
    Flaw in Google Home mini speakers could add new accounts to the device and eavesdrop on owners.

    FULL STORY ======================================================================

    Some Google Home smart speakers could have been hijacked to control the
    device remotely, and even listen in on peoples private conversations, a security expert has claimed.

    The bug was discovered by cybersecurity researcher Matt Kunze, who received $107,500 in bounty rewards for responsibly reporting it to Google.

    Kunze, who was investigating his own personal Google Home mini speaker for possible issues, explained in a blog post how he found a way to add another Google account to the device, which would be enough to be able to eavesdrop
    on people. Adding rogue accounts

    First, the attacker needs to be within wireless proximity of the device, and listen to MAC addresses with prefixes associated with Google.

    After that, they can send deauth packets, to disconnect the device from the network and trigger the setup mode. In the setup mode, they request device info, and use that information to link their account to the device and - voila! - they can now spy on the device owners over the internet, and can
    move away from the WiFi. Read more

    How to choose the perfect smart speaker for you


    Smart speakers to drive smart home devices growth - 2 billion units by
    this year


    Check out the best ID theft protection solutions around

    But the risk is bigger than just listening to peoples conversations. Many smart home speaker users connect their devices with various other smart devices, such as door locks and smart switches. Furthermore, the researcher found a way to abuse the call phone number command, and have the device call the attacker at a specified time and feed live audio.

    The bug was discovered in early 2021 and patched up by April 2022, with
    Google addressing the issue by creating a new invite-based system for account linking, blocking any accounts not added on Home.

    That being said, to make sure there is no risk, Google Home users are advised to update the endpoints firmware to the latest version as soon as possible. Check out the best endpoint protection services around

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/google-home-speakers-could-have-been-hijacked-t o-spy-on-your-conversations


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)