Stories
Slash Boxes
Comments

SoylentNews is people

Google Home Speakers Could Have Been Hijacked to Spy on Your Conversations

posted by janrinok on Wednesday January 04, @07:17AM   Printer-friendly

fliptop writes:

Experts uncover Google Home flaw that could have affected user privacy:

Some Google Home smart speakers could have been hijacked to control the device remotely, and even listen in on people's private conversations, a security expert has claimed.

The bug was discovered by cybersecurity researcher Matt Kunze, who received $107,500 in bounty rewards for responsibly reporting it to Google.

[...] First, the attacker needs to be within wireless proximity of the device, and listen to MAC addresses with prefixes associated with Google.

After that, they can send deauth packets, to disconnect the device from the network and trigger the setup mode. In the setup mode, they request device info, and use that information to link their account to the device and - voila! - they can now spy on the device owners over the internet, and can move away from the WiFi.

But the risk is bigger than "just" listening to people's conversations. Many smart home speaker users connect their devices with various other smart devices, such as door locks and smart switches. Furthermore, the researcher found a way to abuse the "call phone number" command, and have the device call the attacker at a specified time and feed live audio.

Related: The Suspicion Becomes Real: Hackers Can Take Control of Alexa and Listen to You

Original Submission

 
This discussion was created by janrinok (52) for logged-in users only, but now has been archived. No new comments can be posted.
Google Home Speakers Could Have Been Hijacked to Spy on Your Conversations | Log In/Create an Account | Top | 11 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 5, Insightful) by Subsentient on Wednesday January 04, @08:46AM (2 children)

    by Subsentient (1111) on Wednesday January 04, @08:46AM (#1285095) Homepage Journal

    Smart speakers are largely made to spy on you, it's just usually that data goes back to Google or Amazon.

    I'm not surprised there's ways to get around that and send that data elsewhere.

    I will never allow one of those things in my house.

    --
    "It is no measure of health to be well adjusted to a profoundly sick society." -Jiddu Krishnamurti
    Starting Score:    1  point
    Moderation   +4  
       Insightful=3, Interesting=1, Total=4
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   5  

  • (Score: 4, Insightful) by crafoo on Wednesday January 04, @04:40PM (1 child)

    by crafoo (6639) on Wednesday January 04, @04:40PM (#1285127)

    A huge reason to get these devices into peoples' houses - to listen to as many conversations as possible, from as many people as possible. As many speaking mannerisms as possible, as many subcultures as possible. Full conversation coverage.

    The gold rush for big data is real. I'd love to see the training sets for NN's they've built using all of the voice data they've collected. I just assume it's beyond voice as well, and they are building huge relational datasets of what people talk about, when, with who. absolutely priceless data.

    • (Score: 5, Insightful) by Ox0000 on Wednesday January 04, @05:06PM

      by Ox0000 (5111) on Wednesday January 04, @05:06PM (#1285129)

      Someone else said it here a couple of years ago:

      Big data is not about ads, ads and big data are both about control.