Viewing a single comment thread. View all comments

chrisdh79 OP t1_j249z9f wrote

From the article: A bug in Google Home smart speaker allowed installing a backdoor account that could be used to control it remotely and to turn it into a snooping device by accessing the microphone feed.

A researcher discovered the issue and received $107,500 for responsibly reporting it to Google last year. Earlier this week, the researcher published technical details about the finding and an attack scenario to show how the flaw could be leveraged.

While experimenting with his own Google Home mini speaker, the researcher discovered that new accounts added using the Google Home app could send commands to it remotely via the cloud API.

Using a Nmap scan, the researcher found the port for the local HTTP API of Google Home, so he set up a proxy to capture the encrypted HTTPS traffic, hoping to snatch the user authorization token.

51

ZaNobeyA t1_j26b8wo wrote

few days ago. I've had the google hub reset and set up with a different google account. I still had control over it with the previous account from a phone. I wonder if this is correlated somehow.

8

One-Weather-740 t1_j26lego wrote

"Yes mr. police officer, they stole my bitcoin through my speaker"

7