Researcher hacks Google smart speaker and turns it into a wiretap and worse
Earlier this week, a researcher/programmer/ethical hacker Matt Kunze released a blog post detailing a serious vulnerability in Google smart home speakers that could give hackers remote control over the devices. In his blog post, Matt details how the vulnerability was discovered and then explains in frightening details exactly how this backdoor could be used to access a wide range of commands and actions using the affected Google speaker. The potential for attack stemmed from a vulnerability that could allow someone to add themselves to the Google Home App. From there, a hacker would have the ability to control devices connected to the account. Once connected, an attacker could utilize voice commands to activate the microphone on a given device. You can imagine how much chaos could ensue from that point. Potentially, the device could then be used to do anything that the Google speaker was capable of as it relates to any other connected devices in the home. Here are some examples of potential actions:Control smart home switches Given the fact that the hack gave the attacker access to the devices microphone, Matt laid out a potential scenario in which the attacker could use a Google smart speaker to spy on a household. Essentially, giving the attacker untethered access to listen from the speaker at any time. As pointed out in his blog post, this hack would not require the attacker to have wi-fi credentials to access the device. Victim installs attacker’s malicious Android app. The Good News |