A vulnerability in the Google Home smart speaker allows an attacker to remotely eavesdrop on the user's conversations. Security researcher Matt Kunze reported the problem to Google and received a reward of $107,500.
According to the technical description of the problem, an attacker within wireless range of the device can install their own account on it. The attacker can then remotely send commands to the speaker over the Internet, gain access to its microphone and make arbitrary HTTP requests on the victim's local network. Moreover, the attacker can potentially gain access to the victim's Wi-Fi and to other devices on the same network.
To listen to the victim's conversations, the attacker must get the user to install a malicious Android application, which allows the attacker's account to be linked to the target device. The attack made it possible to remotely change the device's volume, make a phone call and eavesdrop on the victim through the microphone in the Google Home speaker.
What is notable about this attack is that the victim may not even suspect a compromise, since the only indicator is a blue LED that lights up during the phone call. According to Kunze, the victim will most likely think that the device is updating or performing another routine task.