Google Home speaker bug allows hackers to eavesdrop on conversations

The Google Home smart speaker has been found to have a serious security flaw that could allow hackers to spy on unsuspecting users.

The Google Home smart speaker has been found to have a serious security flaw that could allow hackers to spy on unsuspecting users. Google Home is one of the most popular smart speakers in the world, along with Amazon's Echo devices. While the latter is powered by Amazon's Alexa voice assistant, the former comes with Google Assistant. Apple also sells a smart speaker called the HomePod that runs Siri, but it lags far behind those two market leaders.

In a blog post, cybersecurity researcher Matt Kunze details a critical Google Home vulnerability that could allow hackers to remotely control smart speakers via Google's cloud API. According to Kunze, the bug could allow malicious actors to add themselves to the Google Home app and use voice commands to activate the microphone on affected devices. From there, the compromised speaker can be used for a wide range of actions, including controlling smart home switches, opening smart garage doors, making online purchases, remotely unlocking and starting selected cars, opening smart locks, and more.

Google Home Security Vulnerability

While this massive bug could compromise the safety and security of many Google Home users, Kunze said an attacker would have to Wirelessly approach Google Home speakers to attack. The report did not mention known instances of the vulnerability being exploited in the wild. Thankfully, Google fixed the security hole after learning about it. While this patch has been available for some time, users should always download the latest firmware to protect themselves from security threats.

Kunze reported the vulnerability to Google in January 2021, and a bugfix was implemented a few months later in April. Kunze was rewarded later, and then further rewarded in May 2022 from Google's new bug bounty program for its smart home devices. The cybersecurity researcher said he was paid a total of $107,500 from Google for discovering and reporting the vulnerability.

Smart home devices are growing in popularity every year, but due to the myriad of vulnerabilities and security holes in these devices, they are still vulnerable to hacking. Although IoT security has strengthened significantly over the past few years, they remain more vulnerable than PCs and smartphones, which are better protected from malicious actors. Report on Google Home speaker is yet another reminder that IoT security is a bit low How much more needs to be done to protect IoT devices from hackers and cybercriminals.

More: Fake Windows 11 upgrade has data-stealing malware