Google Home speakers allowed hackers to spy on users

According to a recent report, a bug in Google Home smart speakers allowed the installation of a backdoor account that could be used to control the device and access its microphone stream. In short, hackers could take control of Google devices to spy on users by listening to their conversations.

The finding was first reported by Bleeping Computer. The unauthorized account could be used to control the speaker remotely and to access its microphone stream, effectively turning the device into a listening tool.

The flaw was discovered by researcher Matt Kunze, who received a $107,500 reward for responsibly reporting it to Google the previous year. Kunze released technical details and an attack scenario illustrating the exploit late last week.

While experimenting with a Google Home Mini, Kunze found that an account added through the Google Home app could send commands to the device remotely through Google's cloud API. To see what that linking traffic looked like, he used an Nmap scan to locate the port of the speaker's local HTTP API and set up a proxy to intercept the encrypted HTTPS traffic, which could expose the user's authorization token.

Kunze found that linking a new account to the target device is a two-step process: first, the device name, certificate and "cloud ID" are obtained from the speaker's local API; second, that information is used to send a link request to Google's server. To add an unauthorized user to a target Google Home, Kunze implemented the binding process in a Python script that automates pulling the data from the local device and replays the link request.

The researcher has posted three proof-of-concept scripts on GitHub that demonstrate the steps of the attack. They should no longer work against Google Home devices running current firmware. The proofs of concept go beyond adding an unauthorized user: they also demonstrate spying through the microphone, making arbitrary HTTP requests on the victim's network, and reading and writing arbitrary files on the device. Because the first step talks to the speaker's local HTTP API, an attacker needs network access to the device before the rest of the chain applies.


Lucas Nolan is a reporter for Breitbart News covering free speech and online censorship issues. Follow him on Twitter @LucasNolan

