A security flaw in the Google Home ecosystem allowed the creation of a backdoor to eavesdrop on users. The issue has since been fixed by Google and the relevant security researcher has been compensated for its discovery.
Security researcher Matt Kunze discovered that, with an account already added, he could have his Google Home Mini carry out commands, including turning on the microphone, by connecting to the smart speaker. In a blog post, he shows that an attacker could use a Wi-Fi deauthentication attack to disconnect the Google Home product from the local network. This would require the attacker to be in close proximity to the Wi-Fi network; information such as the device name, certificate, and Cloud ID can also be retrieved this way.
Once the attacker has this information, he can start the smart speaker's setup process over the Internet using software written specifically for this purpose. In this way, Kunze was able to link a new Google account to the smart speaker. In addition to controlling the connected devices, the attacker can also have the speaker "silently" dial the attacker's own phone number, for example. This is how the security researcher was able to listen in through his Google Home Mini. During a call, a blue light illuminates on the speaker, which is a different indicator than the blinking white light that normally lights up when the microphone is active.
Kunze discovered the flaw in early 2021 and reported it to Google almost immediately. The tech company came up with a solution a few months later and awarded the security researcher a total of more than $100,000. At first, the reward was lower, but a year after the incident, Google increased the rewards for finding bugs in Google Nest and Fitbit devices, after which Kunze received an additional reward.