One of the great obstacles to the proliferation of smart homes is the mistrust of users. Many refuse to have a voice assistant, whether Alexa or Google Home, for fear of being victims of a cyberattack or being spied on. And recent reports don't help.
The security researcher Matt Kunze has just received a $107,500 reward from Google. The reason? He discovered a serious cybersecurity issue in Google Nest speakers: a flaw allowed hackers to eavesdrop on private conversations and control users' smart devices, as reported by Bleeping Computer.
While experimenting with his own speaker, the expert found that he could open a “back door” to access the device remotely. Once inside, he explains on his blog, it was “too easy” to add new users from the Google Home mobile app.
What happens if your Google Home assistant is hacked?
Voice assistants are 'on alert' all the time, listening for every sound to detect when commands are given. That is, they hear everything you say and can store it for unknown purposes.
By being registered as a 'user', the hacker could take control of the speaker remotely via WiFi. With this, the hacker could connect to the device to access all the information and the microphone without even being close. This allowed malicious activities such as spying on victims and listening to and recording all conversations close to the device.
In addition, many users link their smart home appliances and wearables (such as a smartwatch) to Google Home. By controlling the network, the attacker could make phone calls, hijack gadgets, manipulate alarms and security systems, turn the TV on and off or broadcast anything, set up scheduled routines and play music, among other things.
However, what tends to interest them most is stealing sensitive information: personal and bank details, certificate and cloud ID, passwords, browsing histories, contacts, schedules, routines, activities and much more.
All without the owner noticing the espionage. Many users ignore the blue light alert from the speaker, which comes on when there’s activity, assuming it’s updating or something.
For the test, the specialist used his Google Home Mini speaker, but he states that the flaw was present in all of the company's Nest devices.
Security bug fixed with deep update
Kunze discovered the serious flaw in January 2021 and reported it to Google in March. The vulnerability was fully fixed in the middle of the same year, and the tech giant reported that no users were recorded as affected by the security breach.
Google Home speakers were released in 2016 to connect to Google Assistant through voice commands and, incidentally, to compete with Amazon Alexa, which came out two years earlier. This means that cybercriminals were able to exploit the bug for years before it was fixed.
At present, all Google Nests are “quite secure” and “do not offer room for attacks,” says Kunze himself. The company took it upon itself to ‘close the road’ with a series of updates.
These improvements include preventing users or accounts from being added to Google Home remotely, other than by invitation. They also fixed security for phone calls, with added protection to prevent them from being started remotely through the scheduled routine system.
Plus, Google smart displays now require a QR code to log in, meaning that the hacker would need physical access to a device to connect their account.
However, Matt acknowledged that the flaw did not offer many attack vectors and that the vulnerabilities were quite subtle. He said that aside from the privacy of phone calls, the most an attacker could do was change some basic user settings.
Editorial Team The editorial team of EMPRENDEDOR.com, which for more than 27 years has worked to promote entrepreneurship.