“I’ve noticed that linking your account to the device gives you a surprising amount of control over it,” said researcher Matt Kunze.
A bug in Google Home smart speakers allowed you to install backdoor accounts to control them remotely and spy on user conversations.
A researcher named Matt Kunze discovered the security issue and received $107,500 in compensation from Google for “responsibly” reporting his finding last year. This week, Kunze provided technical details related to the bug on his personal blog.
While experimenting with his own loudspeaker, the researcher discovered “how easy it was to add new users to the device from the Google Home app”. “I’ve also noticed that linking your account to the device gives you a surprising amount of control over it,” she noted. It was then that “I decided to investigate the bonding process and determine how easy it would be to link an account from an attacker’s perspectiveKunze added.
First, you must be in wireless proximity to the device and watch for MAC addresses with prefixes associated with Google. Subsequently, the device can be disconnected from the network using a deauthorize command and enter configuration mode. The final step is to request information from the device and use it to link the account. Upon completion of the process, you can spy on speaker owners over the internet.
Kunze discovered the problems in January 2021 and Google ended up fixing it in April of the same year. The company created a new invite-based system for linking accounts, blocking any account not added on Start.
“Many other security researchers had already taken a look at Google Home before me, but it seems that none of them noticed these seemingly obvious problems,” the researcher said, noting that Google Home is a “security-critical” device, due to to the fact that he has control over other smart home devices and a microphone“.
Source: RT
