Security researcher discovered bug in Google Home, eavesdropping was possible
A vulnerability in the Google Home ecosystem made it possible to craft a backdoor to eavesdrop on users. Google has since fixed the problem, and the security researcher who found it has been compensated for his discovery.
Security researcher Matt Kunze discovered that, with an account that had already been added, he could make his Google Home Mini execute commands, including switching on the microphone by calling the smart speaker. In a blog post he explains that an attacker could use a Wi-Fi deauthentication attack to disconnect a Google Home product from the local network. This requires the attacker to be near the Wi-Fi network; information such as the name of the device, the certificate and the ‘cloud ID’ can also be retrieved in this way.
Once the attacker has captured this information, he can start the smart speaker's installation process over the internet with a program written specifically for this purpose. This is how Kunze managed to link a new Google account to the smart speaker. In addition to controlling connected devices, an attacker could also, for example, ‘silently’ call his own number. The security researcher managed to listen in this way via, in this case, his own Google Home Mini. During a call, the speaker shows a blue light, a different indicator from the flashing white light that normally appears when the microphone is active.
Kunze made his discovery in early 2021 and informed Google almost immediately. The tech company came up with a fix a few months later and rewarded the security researcher with a total of more than $100,000. Initially, the payout was lower, but a year after the incident, Google increased the rewards for finding bugs in Google Nest and Fitbit devices, after which Kunze received an additional reward.