"Google Home Speakers Allowed Hackers to Snoop on Conversations"

A flaw in the Google Home smart speaker allowed the installation of a backdoor account that could be used to control the device remotely and turn it into an eavesdropping device by accessing the microphone feed. Matt Kunze, a researcher, uncovered the vulnerability and was paid $107,500 for responsibly reporting it to Google. The researcher disclosed technical information about the discovery and an attack scenario demonstrating how the vulnerability could be exploited.

While examining his personal Google Home mini speaker, the researcher noticed that new accounts set up through the Google Home app could remotely send commands to it over the cloud Application Programming Interface (API). Using Nmap, he discovered the port for Google Home's local HTTP API. He then configured a proxy to capture encrypted HTTPS traffic in an attempt to steal the user authorization token.

The researcher noticed that adding a new user to the target device requires two steps involving the device's name, certificate, and cloud ID, all obtained from its local API. With this information, a link request could be sent to the Google server. To add a user to a Google Home device, the researcher implemented the link process in a Python script that automated the exfiltration of local device data and replicated the linking request.

Linking a rogue account to the target device makes it possible to manipulate smart switches, make online purchases, remotely open doors and cars, or brute-force the user's PIN for smart locks using the Google Home speaker. This article continues to discuss the demonstrated exploitation of a bug in the Google Home smart speaker and the potential impact of this flaw.

Bleeping Computer reports "Google Home Speakers Allowed Hackers to Snoop on Conversations"

Submitted by Anonymous on