{"id":838,"date":"2022-12-31T07:20:12","date_gmt":"2022-12-31T07:20:12","guid":{"rendered":"https:\/\/cybersecuritynest.com\/?p=838"},"modified":"2022-12-31T07:20:24","modified_gmt":"2022-12-31T07:20:24","slug":"security-researcher-hacked-google-smart-speaker-and-turned-it-into-a-wiretap","status":"publish","type":"post","link":"https:\/\/cybersecuritynest.com\/?p=838","title":{"rendered":"Security Researcher hacked Google smart speaker and turned it into a wiretap"},"content":{"rendered":"<aside class=\"mashsb-container mashsb-main mashsb-stretched\"><div class=\"mashsb-box\"><div class=\"mashsb-buttons\"><a class=\"mashicon-facebook mash-large mash-center mashsb-noshadow\" href=\"https:\/\/www.facebook.com\/sharer.php?u=https%3A%2F%2Fcybersecuritynest.com%2F%3Fp%3D838\" target=\"_top\" rel=\"nofollow\"><span class=\"icon\"><\/span><span class=\"text\">Share&nbsp;on&nbsp;Facebook<\/span><\/a><a class=\"mashicon-twitter mash-large mash-center mashsb-noshadow\" href=\"https:\/\/twitter.com\/intent\/tweet?text=&amp;url=https:\/\/cybersecuritynest.com\/?p=838&amp;via=CYBERSECNEST\" target=\"_top\" rel=\"nofollow\"><span class=\"icon\"><\/span><span class=\"text\">Tweet&nbsp;on&nbsp;Twitter<\/span><\/a><a class=\"mashicon-subscribe mash-large mash-center mashsb-noshadow\" href=\"#\" target=\"_top\" rel=\"nofollow\"><span class=\"icon\"><\/span><span class=\"text\">Subscribe&nbsp;to&nbsp;Newsletter<\/span><\/a><div class=\"onoffswitch2 mash-large mashsb-noshadow\" style=\"display:none\"><\/div><\/div>\n            <\/div>\n                <div style=\"clear:both\"><\/div><\/aside>\n            <!-- Share buttons by mashshare.net - Version: 4.0.47--><p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-839\" src=\"https:\/\/cybersecuritynest.com\/wp-content\/uploads\/2022\/12\/wire-300x171.jpg\" alt=\"\" width=\"718\" height=\"409\" srcset=\"https:\/\/cybersecuritynest.com\/wp-content\/uploads\/2022\/12\/wire-300x171.jpg 300w, https:\/\/cybersecuritynest.com\/wp-content\/uploads\/2022\/12\/wire.jpg 728w\" sizes=\"(max-width: 718px) 100vw, 718px\" \/><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-840\" src=\"https:\/\/cybersecuritynest.com\/wp-content\/uploads\/2022\/12\/Screenshot-2022-12-31-at-07.15.21-300x229.png\" alt=\"\" width=\"789\" height=\"602\" srcset=\"https:\/\/cybersecuritynest.com\/wp-content\/uploads\/2022\/12\/Screenshot-2022-12-31-at-07.15.21-300x229.png 300w, https:\/\/cybersecuritynest.com\/wp-content\/uploads\/2022\/12\/Screenshot-2022-12-31-at-07.15.21-1024x782.png 1024w, https:\/\/cybersecuritynest.com\/wp-content\/uploads\/2022\/12\/Screenshot-2022-12-31-at-07.15.21-768x587.png 768w, https:\/\/cybersecuritynest.com\/wp-content\/uploads\/2022\/12\/Screenshot-2022-12-31-at-07.15.21.png 1532w\" sizes=\"(max-width: 789px) 100vw, 789px\" \/><\/p>\n<p>A security scientist was granted a bug abundance of $107,500 for distinguishing security issues in Google Home brilliant speakers that could be taken advantage of to introduce secondary passages and transform them into wiretapping gadgets.<\/p>\n<p>In a technical paper that was released this week, the researcher who goes by the name Matt revealed that the flaws &#8220;allowed an attacker within wireless proximity to install a &#8216;backdoor&#8217; account on the device, enabling them to send commands to it remotely over the internet, access its microphone feed, and make arbitrary HTTP requests within the victim&#8217;s LAN.&#8221;<\/p>\n<p>In making such malignant solicitations, not exclusively might the Wi-Fi secret phrase at some point get uncovered, yet additionally give the foe direct admittance to different gadgets associated with a similar organization. Google resolved the issues in April 2021 following responsible disclosure on January 8, 2021.<br \/>\nIn an assault chain itemized by the scientist, a danger entertainer hoping to snoop on a casualty can fool the person into introducing a vindictive Android application, which, after identifying a Google Home gadget on the organization, issues covert HTTP solicitations to connect an assailant&#8217;s record to the casualty&#8217;s gadget.<\/p>\n<p>In addition, it was discovered that a Google Home device can be forced into &#8220;setup mode&#8221; and set up its own open Wi-Fi network by launching a Wi-Fi deauthentication attack to force it to disconnect from the network.<\/p>\n<p>The threat actor can then link their account to the device by connecting to the device&#8217;s setup network and requesting information like the device name, cloud_device_id, and certificate.<\/p>\n<p>A successful link process allows the adversary to use Google Home routines to turn the volume down to zero and call a specific phone number at any time to spy on the victim through the device&#8217;s microphone, regardless of the attack sequence used.<\/p>\n<p>The issue, in a nutshell, is how a malicious Google user account can be added to a target&#8217;s home automation device using the Google Home software architecture.<\/p>\n<p>A threat actor attempting to eavesdrop on a victim can trick the victim into installing a malicious Android app in an attack chain detailed by the researcher. This app then sends stealthy HTTP requests to link an attacker&#8217;s account to the victim&#8217;s device when it detects a Google Home device on the network.<\/p>\n<p>In addition, it was discovered that a Google Home device can be forced into &#8220;setup mode&#8221; and set up its own open Wi-Fi network by launching a Wi-Fi deauthentication attack to force it to disconnect from the network.<\/p>\n<p>The threat actor can then link their account to the device by connecting to the device&#8217;s setup network and requesting information like the device name, cloud_device_id, and certificate.<br \/>\nA successful link process allows the adversary to use Google Home routines to turn the volume down to zero and call a specific phone number at any time to spy on the victim through the device&#8217;s microphone, regardless of the attack sequence used.<br \/>\nAccording to Matt, &#8220;The victim may only notice that the device&#8217;s LEDs turn solid blue, but they would probably just assume it&#8217;s updating the firmware or something.&#8221; There is no indication that the microphone is open because the LEDs do not pulse like they normally do when the device is listening during a call.<\/p>\n<p>In addition, the attack can be expanded to include arbitrary HTTP requests made within the victim&#8217;s network, file reading, and the introduction of malicious modifications to the linked device that would be applied upon reboot.<\/p>\n<p>Voice-activated devices have been used in the past to covertly spy on potential targets, and this is not the first time this has been done.<\/p>\n<p>A method known as Light Commands was discovered in November 2019 by a group of academics. Light Commands refers to a flaw in MEMS microphones that enables attackers to remotely inject inaudible and invisible commands using light into popular voice assistants like Google Assistant, Amazon Alexa, Facebook Portal, and Apple Siri.<\/p>\n<aside class=\"mashsb-container mashsb-main mashsb-stretched\"><div class=\"mashsb-box\"><div class=\"mashsb-buttons\"><a class=\"mashicon-facebook mash-large mash-center mashsb-noshadow\" href=\"https:\/\/www.facebook.com\/sharer.php?u=https%3A%2F%2Fcybersecuritynest.com%2F%3Fp%3D838\" target=\"_top\" rel=\"nofollow\"><span class=\"icon\"><\/span><span class=\"text\">Share&nbsp;on&nbsp;Facebook<\/span><\/a><a class=\"mashicon-twitter mash-large mash-center mashsb-noshadow\" href=\"https:\/\/twitter.com\/intent\/tweet?text=&amp;url=https:\/\/cybersecuritynest.com\/?p=838&amp;via=CYBERSECNEST\" target=\"_top\" rel=\"nofollow\"><span class=\"icon\"><\/span><span class=\"text\">Tweet&nbsp;on&nbsp;Twitter<\/span><\/a><a class=\"mashicon-subscribe mash-large mash-center mashsb-noshadow\" href=\"#\" target=\"_top\" rel=\"nofollow\"><span class=\"icon\"><\/span><span class=\"text\">Subscribe&nbsp;to&nbsp;Newsletter<\/span><\/a><div class=\"onoffswitch2 mash-large mashsb-noshadow\" style=\"display:none\"><\/div><\/div>\n            <\/div>\n                <div style=\"clear:both\"><\/div><\/aside>\n            <!-- Share buttons by mashshare.net - Version: 4.0.47-->","protected":false},"excerpt":{"rendered":"<p>A security scientist was granted a bug abundance of $107,500 for distinguishing security issues in Google Home brilliant speakers that could be taken advantage of to introduce secondary passages and transform them into wiretapping gadgets. In a technical paper that was released this week, the researcher who goes by the name Matt revealed that the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":841,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":"","_links_to":"","_links_to_target":""},"categories":[10],"tags":[],"class_list":["post-838","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-vul-mal"],"aioseo_notices":[],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/posts\/838"}],"collection":[{"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=838"}],"version-history":[{"count":1,"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/posts\/838\/revisions"}],"predecessor-version":[{"id":842,"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/posts\/838\/revisions\/842"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/media\/841"}],"wp:attachment":[{"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=838"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=838"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=838"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}