Almost two years later, Google has just rewarded Matt, a security researcher who discovered a major bug in Google Home speakers. The vulnerability “allowed a hacker who was physically within the wireless coverage area to install a backdoor account on the device”. Once this shadow account was set up, hackers could send commands to the speaker from anywhere via the internet.

Above all, the attack made it easy to turn any Google Home speaker into a listening bug, posing a real problem for the security of personal data. The speaker could even serve as a vector to hack other devices on the local network. Google had already mentioned the problem (without giving details) in January 2021. The bug was fixed in April 2021 and should no longer affect the company’s speakers.

Google Home: hackers could associate an account under their control

In detail, the researcher explains that a hacker wishing to spy on a target via this Google Home speaker bug had to get the victim to download a malicious Android application onto their smartphone or tablet. From there, the app could scan the network for vulnerable speakers, then send HTTP requests to the devices to link them to a Google Account under the hacker’s control.

But there was another, “zero click” method that was even more dangerous and discreet. By sending corrupted packets to a speaker to force a WiFi deauthentication, it is possible to push a Google Home into “installation” mode. The speaker then broadcasts its own WiFi network, and hackers only have to be within range to connect to it and associate an account under their control.
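A defender's view of the sequence described above, as an added example that is not part of the original article: it flags a burst of deauthentication frames aimed at a speaker when that speaker's setup network appears shortly afterwards. The event schema, thresholds, MAC addresses, inventory and network names are all constructed assumptions.

```python
# Added example with constructed data; thresholds and event schema are assumptions.
DEAUTH_THRESHOLD = 5   # deauth frames to one speaker that count as a burst
BURST_WINDOW = 10.0    # seconds in which those frames must fall
SETUP_WINDOW = 120.0   # seconds after a burst in which a setup network is suspicious

# Hypothetical inventory: speaker MAC on the home network -> BSSID of its setup network.
SPEAKERS = {
    "02:00:00:00:00:10": "02:00:00:00:00:11",  # kitchen
    "02:00:00:00:00:20": "02:00:00:00:00:21",  # bedroom
}

# Constructed sensor events (not a real capture).
EVENTS = (
    [{"ts": 100.0 + 0.5 * i, "type": "deauth", "target": "02:00:00:00:00:10"}
     for i in range(6)]
    + [
        {"ts": 130.0, "type": "new_network", "bssid": "02:00:00:00:00:11", "ssid": "setup-kitchen"},
        {"ts": 200.0, "type": "deauth", "target": "02:00:00:00:00:20"},  # single frame, e.g. roaming
        {"ts": 220.0, "type": "new_network", "bssid": "02:00:00:00:00:21", "ssid": "setup-bedroom"},
        {"ts": 300.0, "type": "deauth", "target": "02:00:00:00:00:99"},  # not a speaker
    ]
)


def burst_start(times, before):
    """Start of the first deauth burst inside SETUP_WINDOW before `before`, else None."""
    recent = [t for t in times if before - SETUP_WINDOW <= t <= before]
    for i in range(len(recent) - DEAUTH_THRESHOLD + 1):
        if recent[i + DEAUTH_THRESHOLD - 1] - recent[i] <= BURST_WINDOW:
            return recent[i]
    return None


def find_forced_setup(events, speakers):
    """Return (speaker, burst_ts, network_ts, ssid) for each burst followed by setup mode."""
    setup_to_speaker = {bssid: mac for mac, bssid in speakers.items()}
    deauths = {mac: [] for mac in speakers}
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["type"] == "deauth" and ev["target"] in deauths:
            deauths[ev["target"]].append(ev["ts"])
        elif ev["type"] == "new_network" and ev["bssid"] in setup_to_speaker:
            mac = setup_to_speaker[ev["bssid"]]
            start = burst_start(deauths[mac], ev["ts"])
            if start is not None:
                alerts.append((mac, start, ev["ts"], ev["ssid"]))
    return alerts
```

On the constructed events, only the kitchen speaker is reported: the bedroom speaker's setup network follows a single deauthentication frame, which stays below the burst threshold.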

“The only thing the victims could notice was that the LEDs turned solid blue. But they could just as well tell themselves that their speaker was being updated, or was connected to something else” that was harmless. This is not the first time that this kind of method has been described to hack connected speakers. In 2019, researchers discovered that it is possible to send inaudible commands to speakers using a laser beam.

The microphone technology used in this type of device, MEMS, relies on a piece of silicon that generates an audio signal from sound waves. However, silicon also reacts to light, which makes it possible to modulate a laser so that its light pulses reproduce a voice command. This is a hardware bug that remains, as of this writing, relatively trivial to exploit (and impossible to patch).

Note that it is possible to mute the microphone directly on your speaker, a feature that deserves more use. To date, to our knowledge, there is no way to control the activation or deactivation of the microphones of Google Home speakers without physically accessing the device. We therefore advise deactivating the speaker’s microphone to avoid any risk of espionage during a sensitive conversation.
