Home
News
You are here

Google smart speaker can be used by attacker to listen in to your private convos

3comments

By Alan Friedman

Published: Jan 02, 2023, 11:03 PM

Google smart speaker can be used by attacker to listen in to your private convos

Imagine if someone was listening in to conversations taking place in your home. You certainly would feel vulnerable. A researcher named Matt Kunze discovered that hackers can be spying on you and your family via a Google Home smart speaker. According to BleepingComputer (via AndroidCentral), Kunze was messing around with a Nest Mini when he discovered that a rogue or "backdoor" account could be created using the Google Home app. That account could then be used to control the smart speaker giving a bad actor access to the microphone feed and other features of the device remotely.

Kunze received $107,500 from Google for discovering this vulnerability which turned the Google Nest Mini from a smart speaker into a device able to snoop on the user's conversations and more. The rogue account can be used to control the smart speaker by sending it commands remotely via the cloud API (application programming interface). The API allows two or more computer programs to communicate.

The information needed to hack the Nest Mini would include the name of the device, the certificate, and the Cloud ID. With this info, the hacker can send a request to Google's server requesting a link to the smart speaker allowing the device to be used to make online transactions, control smart appliances, unlock the front door, and more. The hacker could also have the speaker call his phone allowing him to listen in to a conversation taking place around the home using the speaker's microphone.

The researcher was able to make this happen by creating a malicious routine that included the "call [phone number]" command. This activated the microphone at a specified time, calling the attacker's phone (as we mentioned in the above paragraph) allowing him to listen in via the microphone on the smart speaker. Kunze recorded a video showing how the Nest Mini's microphone can send conversations to a smartphone, which in this case would be in the possession of the bad actor.

The malicious setting which allows the smart speaker to capture audio from the speaker's microphone

The issue was discovered by Kunze in January 2021 and Google fixed it in April 2021. Anyone running the latest firmware should not be concerned with this issue.

$349

$799

$450 off (56%)

Mint Mobile now sells the Google Pixel 10 with a massive $450 discount. The promo is available on select color variants with 128GB of storage. You also get a 12-month unlimited data plan for $180 instead of $360.

Buy at Mint Mobile

$524

$999

$475 off (48%)

Grab the pro-grade, compact Pixel 10 Pro at Mint Mobile with a 12-month unlimited plan, and you can save a huge $475. The data plan comes with a discount, too: 50% off, to be exact.

Buy at Mint Mobile

$499

$1199

$700 off (58%)

The high-end Gemini AI-enhanced Pixel 10 Pro XL is now available with a mind-blowing discount. You can now save $700 on the phone, plus 50% off unlimited 12-month plans.

Buy at Mint Mobile

$1399

$1799

$400 off (22%)

The foldable Pixel 10 Pro Fold is another standout holiday offer. Right now, you can get the device for $400 off at Mint Mobile. On top of that, you save $180 on 12-month unlimited data plans.

Buy at Mint Mobile

View Full Bio

Alan, an ardent smartphone enthusiast and a veteran writer at PhoneArena since 2009, has witnessed and chronicled the transformative years of mobile technology. Owning iconic phones from the original iPhone to the iPhone 15 Pro Max, he has seen smartphones evolve into a global phenomenon. Beyond smartphones, Alan has covered the emergence of tablets, smartwatches, and smart speakers.

Read the latest from Alan Friedman