One of the big hurdles in the smart home is privacy. The main fear that opponents of having a smart speaker in the home usually comment on is that they can spy on us; And while much has been done to address this issue, as the new case shows, the industry has not missed its share of scandals.
[Vivo con 8 altavoces inteligentes en una casa pequeña y es genial]
Now we have another to add to the list, and unfortunately it affects Google Home, the internet giant’s smart home platform. It turns out that for a while anyone could have taken control of our devices, including listening through the built-in microphones.
The Google Home bug
It was security researcher Matt Kunze who made this startling revelation, but luckily he waited to make it. First, the good news is that the bug you discovered It has been patched since at least the middle of last year.so all devices must already have been updated to fill this “hole”.
This allows us to focus on the issue itself and Google’s reaction upon discovering it. According to Kunze, the vulnerability allowed any user to join our Google Home account; Once inside, the attacker would have access to the same functions as us, including the ability to use Google Assistant voice commands
Among the accessible functions would be access to the microphone, so that the attacker could record our private conversations; but that’s not the only thing he would be able to do. It could also open your house or garage door, shop online, or control devices like smart light bulbs. Additionally, Kunze discovered that from this entry point, an attacker would also have access to the Phone calls
The researcher went so far as to create an attack to spy on conversations using the microphone of a Google Home Mini, using a malicious Android app as an attack vector.
As already mentioned, Google has already fixed these issues. Specifically, Kunze notified the company of its discovery in January 2021, and a fix was implemented in April. Google rewarded the discoverer with more than $100,000, and for good reason: if Kunze had wanted to, he could have sold this information on the Dark Web and probably earned a lot more.