by Lucas Nolan at Breitbart News
Bleeping Computer reports that a vulnerability in Google Home smart speakers allowed the creation of a backdoor account that could be used to remotely control the device and access its microphone feed, potentially turning it into a spying tool.
(© GETTY/AFP/File SPENCER PLATT)
The flaw was discovered by researcher Matt Kunze, who received a $107,500 reward for responsibly reporting it to Google in the previous year. Kunze published technical details and an attack scenario illustrating the exploit late last week.
During his experimentation with a Google Home Mini speaker, Kunze discovered that new accounts created using the Google Home app could remotely send commands to the device through the cloud API. In order to capture the encrypted HTTPS traffic and potentially obtain the user authorization token, the researcher used a Nmap scan to locate the port for the local HTTP API of Google Home and set up a proxy.
Kunze found that adding a new user to the target device involves two steps: obtaining the device name, certificate, and “cloud ID” from its local API. This information makes it possible to send a link request to the Google server. To add an unauthorized user to a target Google Home device, Kunze implemented the linking process in a Python script that automated the extraction of local device data and reproduced the linking request.
The researcher released three proof-of-concept scripts on GitHub that…
Continue Reading