Last year, security researcher Matt Kunze alerted Google to a significant vulnerability in Google Home. Recently, Google offered him a reward of US$107,500, equivalent to approximately 749,000 yuan.
The flaw in the Google Home smart speaker allows an attacker to install a backdoor account for remote control of the device and to activate the microphone to listen to user conversations. This week, Kunze made public the full technical details of the vulnerability and how it could be used.
Kunze scanned the device with Nmap and found the port of Google Home's local HTTP API. He then set up a proxy to capture the encrypted HTTPS traffic, with the aim of obtaining the user authorization token.
He found that adding a new user to a target device requires a certificate, a cloud ID from the device's local API, and the name of the device. With this information, a link request can be sent to a Google server.
Even more troubling, he discovered a way to misuse the command "call [phone number]" by incorporating it into a malicious routine that activates the microphone at a predetermined time and calls the attacker's number, sending a live microphone feed.
Kunze discovered the issues in January 2021 and provided additional information and a proof of concept in March 2021. Google fixed the issues in April 2021.