For identifying security issues with Google Home smart speakers, a security researcher recently received a bug bounty award of $107,500. It is possible to exploit these issues to install backdoors into the software and make it able to spy on you remotely.
A researcher, who uses the name Matt, said this week in a technical write-up published by the University of Washington that it has been discovered that the flaws could be exploited by attackers who are within a wireless range of the device by installing a 'backdoor' account on the device so that they could access the microphone feed of the device remotely, send commands remotely through the internet, and make arbitrary HTTP requests within the victim's local area network, according to the researcher, Matt, who wrote a technical report published earlier this week.
This malicious request, coupled with an attempt to identify the Wi-Fi password, could not only expose the Wi-Fi password but could also allow the adversary direct access to other connected devices on the same network so that he could carry out further attacks. In April 2021, Google remediated the issues that had arisen as a result of their responsible disclosure on January 8, 2021.
This problem, to put it modestly, is related to how the software architecture of Google Home can be exploited to add a rogue Google account to a target's home automation system, which in turn would facilitate the theft of valuable data.
The researcher has outlined a chain of attacks in which a threat actor would seek to eavesdrop on a victim. The goal is to convince the victim to install a malicious Android app.
When the app detects a Google Home device is present on the network, it installs itself on the device. It then issues a stealthy HTTP request to connect an attacker's account to the victim's.
In addition, it has also been reported that it is possible to force a Google Home device into "setup mode" and to create its open Wi-Fi network if an attacker can stage a Wi-Fi de-authentication attack to get it disconnected from the networks.
Upon connecting to the device's setup network, the threat actor can request information such as the device name, cloud_device_id, and certificate of the device. In this way, they will be able to link their devices to their accounts by using them.
The adversary can take advantage of the routines built into Google Home, regardless of the attack sequence used. This is done by using a successful connection to turn down the volume to zero on Google Home. As a result of this, the adversary can make a call to an exact telephone number to spy on the victim. This is done through the microphone of the device at any given time.
According to Matt, the only thing that may come to notice to the victim would be that the device's LEDs would turn solid blue. However, they would probably just assume that it was an update to the firmware or something like that. When a call is taking place, the LEDs of the device do not pulse as they would if the device was listening. Due to this, the LEDs cannot detect the microphone during a call.
The attacker can also extend this attack to the point of attempting arbitrary HTTP requests inside the victim's network as part of the attack. In addition, it may even be able to read files or introduce malicious changes that would be applied to the linked device after a reboot as a result of the hack.
Voice-activated devices have been used for quite some time to spy on potential targets without being detected and to covertly snoop on them.
The Light Commands technique was recently released by a group of academics in November. MEMS microphones have been found to have a vulnerability that may lead to a data breach. A remote attacker could use this exploitation to inject inaudible and invisible commands and commands into popular voice assistants such as Google Assistant, Amazon Alexa, Facebook Portal, and Apple Siri using light instead of voice.
