White-hat hacker Matt Kunze found a bug in the Google Home Mini that allows attackers to use the smart speaker to eavesdrop on its owners, Tweakers reports.
The researcher found that once an attacker has detected the Wi-Fi access point that a Google Home smart speaker is connected to, it is possible to take control of the device without joining that access point.
To do this, the attacker carries out a deauthentication attack against the Wi-Fi access point, which disconnects the speaker from the network. Then, with the help of a special program, an additional Google account can be linked to the Google Home. When the legitimate user reconnects the speaker to Wi-Fi, both the owner and the attacker who added the extra account have access to its management.
Having gained control over someone else's speaker, an attacker can make it call the attacker's own phone. When the attacker picks up, he hears everything happening around the hacked speaker. The legitimate user will most likely not notice anything.
Kunze discovered the vulnerability in early 2021 and immediately reported it to Google. The company paid the white-hat hacker a reward of $107,500, which is about 8 million rubles. Google has already fixed the bug, which allowed Kunze to publish a detailed description of it.