Last year, an information security specialist discovered dangerous vulnerabilities in Google Home smart speakers that allowed eavesdropping on users. The problems made it possible to create a backdoor account and use it to remotely control the device, effectively turning the speaker into a spy device with access to the microphone. Given the complete compromise of the smart speaker, Google paid the researcher $107,500 as part of a bug bounty program.

Let me remind you that we also wrote that Microsoft spent twice as much as Google on bug bounty programs last year, and also that Facebook (Meta) expands the bug bounty program to combat scraping.

Now that the problems have been fixed, the expert, hiding under the nickname DownrightNifty, has published on his blog a detailed technical description of the bugs, as well as various attack scenarios in which the vulnerabilities could be exploited.

It all started when, while studying his own Google Home Mini speaker, the researcher discovered that new accounts added using the Google Home app can remotely send commands to the device via a cloud API. Interested in this functionality, he used Nmap and found the local HTTP API port of Google Home, and then set up a proxy server to intercept encrypted HTTPS traffic, hoping to intercept the user's authorization token.

In the end, it turned out that adding a new user to the target device is a two-step process that requires a device name, certificate, and cloud ID from the local API. With this information, the speaker could generate a linking request to the Google server. To create an account for a potential attacker on the target speaker, DownrightNifty wrote a Python script that automates the extraction of data from the local device and reproduces the request to link a new account.

As a result, the researcher describes the theoretical attack on Google Home as follows.

- The attacker wants to spy on his victim while within wireless range of the Google Home (but does NOT have the victim's Wi-Fi password).
- The attacker finds the victim's Google Home by listening to MAC addresses with prefixes associated with Google Inc.
- The attacker sends deauthentication packets to disconnect the device from the network and put it into setup mode.
- The attacker connects to the device setup network and requests information about the device (name, certificate, cloud ID).
- The attacker connects to the Internet and uses the obtained device information to link his account to the victim's device.
- The attacker gets the opportunity to spy on the victim through his Google Home, over the Internet (no need to be near the target device anymore).

As an appendix to his article, the researcher published three PoC exploits on GitHub to perform the above actions.

The media also reported that researchers developed a method for intercepting data from smartphone speakers.
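From the defender's side, the deauthentication step in the attack chain described above is the part visible on the air. The following is an added example, not code from the article or from the researcher's PoCs: it flags bursts of deauthentication frames aimed at watched devices and escalates when the same device then starts beaconing. The log format, the MAC addresses and the `02:00:5e` prefix are constructed, and it assumes the setup network is announced from the speaker's own MAC address.

```python
from collections import defaultdict, deque

# Constructed monitor log, one frame per line: "<seconds> <type> <src_mac> <dst_mac>".
# The format, the MACs and the 02:00:5e prefix are made up for this example.
SAMPLE_LOG = """\
100.0 deauth 02:aa:aa:00:00:01 02:00:5e:10:20:30
100.4 deauth 02:aa:aa:00:00:01 02:00:5e:10:20:30
100.8 deauth 02:aa:aa:00:00:01 02:00:5e:10:20:30
101.2 deauth 02:aa:aa:00:00:01 02:00:5e:10:20:30
101.6 deauth 02:aa:aa:00:00:01 02:00:5e:10:20:30
130.0 beacon 02:00:5e:10:20:30 ff:ff:ff:ff:ff:ff
200.0 deauth 02:aa:aa:00:00:01 02:00:5e:77:88:99
260.0 deauth 02:aa:aa:00:00:01 02:00:5e:77:88:99
300.0 deauth 02:aa:aa:00:00:01 02:bb:bb:00:00:02
"""


def detect(log_text, watched_prefixes, threshold=5, window=10.0, follow=60.0):
    """Map each watched MAC to 'deauth-burst' or 'deauth-burst+setup-beacon'.

    watched_prefixes: tuple of lowercase MAC prefixes for the devices to protect.
    A burst is `threshold` deauth frames to one MAC within `window` seconds; it is
    escalated if that MAC sends a beacon within `follow` seconds of the burst.
    """
    recent = defaultdict(deque)   # dst MAC -> timestamps of recent deauth frames
    burst_at = {}                 # dst MAC -> time the threshold was last reached
    findings = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue              # skip blank or malformed lines
        ts, kind = float(parts[0]), parts[1]
        src, dst = parts[2].lower(), parts[3].lower()
        if kind == "deauth" and dst.startswith(watched_prefixes):
            q = recent[dst]
            q.append(ts)
            while ts - q[0] > window:   # drop frames outside the sliding window
                q.popleft()
            if len(q) >= threshold:
                burst_at[dst] = ts
                findings.setdefault(dst, "deauth-burst")
        elif kind == "beacon" and src in burst_at and ts - burst_at[src] <= follow:
            findings[src] = "deauth-burst+setup-beacon"
    return findings


if __name__ == "__main__":
    print(detect(SAMPLE_LOG, ("02:00:5e",)))
```
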