According to a recent report, a bug in Google Home smart speakers allowed for the installation of a backdoor account that could be used to control the device and access its microphone feed.
In short, hackers could take over Google’s devices to spy on users by listening in on their conversations.that a vulnerability in Google Home smart speakers allowed the creation of a backdoor account that could be used to remotely control the device and access its microphone feed, potentially turning it into a spying tool.
The flaw was discovered by researcher Matt Kunze, who received a $107,500 reward for responsibly reporting it to Google in the previous year. Kunze published technical details and an attack scenario illustrating the exploit late last week. During his experimentation with a Google Home Mini speaker, Kunze discovered that new accounts created using the Google Home app could remotely send commands to the device through the cloud API. In order to capture the encrypted HTTPS traffic and potentially obtain the user authorization token, the researcher used a Nmap scan to locate the port for the local HTTP API of Google Home and set up a proxy.
Kunze found that adding a new user to the target device involves two steps: obtaining the device name, certificate, and “cloud ID” from its local API. This information makes it possible to send a link request to the Google server. To add an unauthorized user to a target Google Home device, Kunze implemented the linking process in a Python script that automated the extraction of local device data and reproduced the linking request.
The researcher released three proof-of-concept scripts on GitHub that demonstrate the actions involved in the hack. However, these scripts should not be effective on Google Home devices running the latest firmware version. The proofs-of-concept go beyond simply adding an unauthorized user and also enable spying through the microphone, making arbitrary HTTP requests on the victim’s network, and reading/writing arbitrary files on the device.
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
US News & World Report to revamp ‘flawed’ law school rankings: reportUS News said it held meetings for nearly a month with law school deans over how to change its rankings system, after a handful of prestigious schools boycotted the rankings system.
Read more »
Home floods along shuttered Poway golf course, owner blames new home constructionA North County family filed an insurance claim after their home flooded during Sunday's storm. 10NewsLasky explains why the insurance company says they can't help them.
Read more »
Fable Report Reveals Far Away Release DateA new report about the upcoming Fable game has some bad news. According to this report, the reboot [...]
Read more »
4 Ways To Prevent Ski Injuries on the Slopes This Winter, According to a Ski InstructorShred the mountain without getting hurt. These simple safety precautions help you to avoid the most common ski injuries.
Read more »
How to Beat the Post-Holiday Slump at Work, According to ExecutivesEven though the spell of holiday magic might have worn off, you don’t need to spend your first week back at work in despair.
Read more »