ADVERTISEMENT
Google Home speaker: Bug may have let hackers spy on users' conversationGoogle has rewarded the security researcher with handsome $107,500 cash prize for the discovery of the bug in Google Assistant-powered Home speaker
DH Web Desk
Last Updated IST
Google Home Speaker. Picture Credit: Pixabay
Google Home Speaker. Picture Credit: Pixabay

Compared to Apple Siri and Amazon's Alexa, Google Assistant is most popular among smart-home owners, the latter is most intuitive in terms of understanding user's command and even supports a long conversation about a topic.

Now, a report has emerged that Google's Home speakers had a bug that would have allowed threat actors to take control of the smart device to spy on conversations of users at home.

An anonymous security researcher who goes by the moniker DownrightNifty Matt first noticed the security loophole way back in January 2021 but had to create to Proof of Concept (PoC) for Google.

ADVERTISEMENT

During the research work, he was able to link an unknown user account to a Google Home speaker. [Note: In general, users can link up to six family members' accounts to Home speaker.]

As noted above, the cyber expert was able to create a 'backdoor' account on the device, which gave unprecedented privileges to send commands to the Home mini smart speaker remotely over the Internet and was able to access its microphone feed and make arbitrary HTTP requests within the victim’s LAN. This could potentially expose the Wi-Fi password or provide the attacker direct access to the victim’s other devices, the expert noted.

There is no official word if this security loophole was ever misused in the last year or so. The cyber researcher being an ethical hacker promptly notified the issue to Google and it has been fixed with a software patch.

As a goodwill gesture, the search engine giant rewarded the DownrightNifty Matt with a $107,500 (approx. Rs 89,01,860) cash prize. As the bug is a high-risk security issue, it was never made public until a couple of days ago.

Interested people can read his technical report (here), which details minute aspects of his research work that led to the discovery of a major flaw that could have been used for illegal mass surveillance of users around the world.

Get the latest news on new launches, gadget reviews, apps, cybersecurity, and more on personal technology only on DH Tech.

ADVERTISEMENT
(Published 30 December 2022, 12:29 IST)