Report: Detected Glitch Could Have Enabled Spying Through Google Speaker

Hackers are spying on users of Google's smart Home speaker, according to a report from Bleeping Computer.

Last year, Google awarded researcher Matt Kunze $107,500 for reporting his discovery of a bug that allowed the creation of a backdoor account, which could be accessed remotely to control the device and access its microphone feed.

Last week, Kunze published details on how a hypothetical attack might take place.

While experimenting on his Google Home Mini speaker, Kunze discovered that new accounts created using the Google Home app could remotely transmit commands to the device via the cloud API.  

With the rogue account linked to the target device, Kunze could perform actions through the smart speaker — such as controlling smart switches, making purchases online, unlocking doors and vehicles, and accessing smart locks.

The greatest concern might be this: Kunze reportedly found a way to abuse the "call [phone number]" command.

This allowed him to listen in remotely to the speaker's microphone.

The only indication that someone would be listening in is the device's LED would turn blue. But even if the victim notices it, that person may chalk it up to the device updating its firmware.

Kunze discovered the bug in January 2021 and sent details and Proof of Concepts in March 2021.

In April 2021, reportedly Google fixed all the problems.

• TikTok Emails Show Employees Improperly Accessed User Data
• Trump: Big Tech Cover-Up 'Most Sinister Act in History'