Compared to Apple's Siri and Amazon's Alexa, Google Assistant is the most popular among smart-home owners; it is also the most intuitive in terms of understanding a user's commands and even supports a long conversation about a topic.
Now, a report has emerged that Google's Home speakers had a bug that would have allowed threat actors to take control of the smart device to spy on conversations of users at home.
An anonymous security researcher who goes by the moniker DownrightNifty Matt first noticed the security loophole way back in January 2021 but had to create a Proof of Concept (PoC) for Google.
During the research work, he was able to link an unknown user account to a Google Home speaker. [Note: In general, users can link up to six family members' accounts to a Home speaker.]
As noted above, the cyber expert was able to create a 'backdoor' account on the device. This account gave him unprecedented privileges: he could send commands to the Home Mini smart speaker remotely over the Internet, access its microphone feed and make arbitrary HTTP requests within the victim’s LAN. This could potentially expose the Wi-Fi password or provide the attacker direct access to the victim’s other devices, the expert noted.
There is no official word on whether this security loophole was ever misused in the last year or so. The cyber researcher, being an ethical hacker, promptly reported the issue to Google, and it has been fixed with a software patch.
As a goodwill gesture, the search engine giant rewarded DownrightNifty Matt with a $107,500 (approx. Rs 89,01,860) cash prize. As the bug is a high-risk security issue, it was never made public until a couple of days ago.
Interested readers can read his technical report, which details minute aspects of the research work that led to the discovery of a major flaw that could have been used for illegal mass surveillance of users around the world.