Hackers have managed to spy on conversations near Google Home speakers by exploiting a software flaw.
Rishi Mohan sur Unsplash
Rest assured: the security flaw was fixed by Google in 2021, Google Home speakers updated automatically. However, today we learn of the existence of a flaw that could be exploited.
It was a computer security researcher who reported the vulnerability to Google in April 2021, he received $107,500 for this find. Concretely, it was possible to take control of the smart speaker remotely and transform it into a perfect spy device by accessing the microphone. How ? It wasn’t that simple, which rules out massive hacking.
Microphone access was possible
On a Google Home Mini, the Google Home API (Local Home SDK) has been investigated to intercept encrypted traffic over HTTPS, in hopes of stealing the user’s authorization token. This may have exposed a flaw that allows a new user to be added to the target device, with a two-step process that requires the device name, certificate, and “cloud ID” from the API local.
While the microphone was on, the device LED was blue, which was the only indication that hacking activity was taking place.
It’s not an easy flaw to exploit, so we hope hackers haven’t used it to eavesdrop on private conversations. However, since this flaw could only be exploited on a specific Google Home, it is more likely that it was used to spy on target individuals or businesses rather than on a massive scale.
It is essential to remain vigilant about the security of our connected devices and to take the necessary measures to protect our privacy. If you have a Google Home, be sure to check regularly for security updates are installed, simply by connecting it to the internet if this is not the case, and installing them in order to protect your device against hacking. There are also, depending on the device, functions to physically block access to a microphone or the camera.
Let’s face it, few of us have the right safety reflexes. However, our smartphones, our tablets and our PCs house a great deal of private data. So you are surely interested in following these…
To follow us, we invite you to download our Android and iOS application. You can read our articles, files, and watch our latest YouTube videos.