Google Home speakers provided hackers with opportunity to eavesdrop

google home

The speakers had a security flaw that allowed hackers to remotely control the device. 

“Hey Google, lock the front door.” A lot of people trust home speakers to execute various actions in their homes. If you want to call someone, dim the lights, broadcast a message or if you just want to know whether it’s going to rain today, Google Assistent is your friend. But it turns out that the home speaker wasn’t completely reliable. And in 2021, the speakers turned out to be vulnerable to takeover by hackers.

Vulnerabilities

It’s the same for every electronic device that uses the internet to function: they’re susceptible to malicious attacks by people who want to acquire certain personal information from you. Especially devices that don’t have strong password protection. Or when it is easy to access the device just by being close to it. Matt Kunze, a cybersecurity researcher, discovered that it is fairly easy to link your own Google account to a Google Home speaker, just by being close to it. And apparently, linking your device to the speaker let’s you control it to some extent.

Commands

Kunze was surprised by the possibilities he had just by linking his Google account to the Google Home speaker. On his blog Downright Nifty, he writes: “Namely, the “routines” feature allows you to create shortcuts for running a series of other commands…routines allow anyone with an account linked to the device to send it commands remotely. In addition to remote control over the device, a linked account also allows you to install “actions” (tiny applications) onto it.” So what does this mean for people with a Google Home speaker? According to Screenrant, hackers can activate the microphone on the device remotely to give commands. Or they could have the device make a phone call to their own cell phones to listen in on people’s conversations. Android Police says that hackers could “operate switches, play music, turn on and off appliances, and more.”

Measures

Luckily, Kunze has communicated his findings with Google. The company immediately took measures to secure the Google Home speakers in April, 2021. According to Google, the issue is now fixed. It is no longer possible to remotely add an account to your Google Home device. There are no known cases of people being targeted by hackers through their Google Home speakers, but it is good to know that this won’t be an issue anymore. Kunze received a compensation of $107.500 for discovering the flaw and sharing it with the company.

Also read: 4 Ways hackers can use your phone number

Source: Screenrant, Android Police, Downright Nifty | Image: Unsplash, Kazden Cattapan