• Send Us A Tip
  • Calling all Tech Writers
  • Advertise
Monday, July 6, 2026
  • Login
TechStory
  • News
  • Crypto
  • Gadgets
  • Memes
  • Gaming
  • Cars
  • AI
  • Startups
  • Markets
  • How to
No Result
View All Result
  • News
  • Crypto
  • Gadgets
  • Memes
  • Gaming
  • Cars
  • AI
  • Startups
  • Markets
  • How to
No Result
View All Result
TechStory
No Result
View All Result
Home Tech

Hackers might listen in on talks thanks to Google Home speakers

by Sneha Singh
December 31, 2022
in Tech
Reading Time: 2 mins read
0
Google
TwitterWhatsappLinkedin

Due to a fault, the Google Home smart speaker could be remotely controlled. Unfortunately, it also turned into a snooping device by installing a backdoor account with access to the microphone feed.

You might also like

Why Home Charging Is Cheaper Than Public Charging

OpenID Connect Explained: A Simple Guide to How Modern Login Systems Work

The Paradigm of Privacy Confidential Computing Explained

Last year, researcher Matt Kunze found the problem and was awarded $107,500 for appropriately alerting Google to it. Earlier this week, the researcher shared technical information on the discovery and an attack scenario to demonstrate how the issue may be exploited.

The researcher found that new accounts created using the Google Home app may remotely control it via the cloud API while exploring with his own Google Home tiny speaker.

Google

The researcher discovered Google Home’s local HTTP API port using a Nmap scan. So he put up a proxy to collect the data over HTTPS in an effort to intercept the user authorization token.
The researcher noticed that adding a new user to the target device involves two steps and calls for the local API’s “cloud ID,” “cloud certificate,” and device name. Then, they might submit a link request to the Google server using this information.

Researcher posted three proofs of concepts

The analyst automated the exfiltration of the local device data and replicated the linking request by implementing the link procedure in a Python script to add a malicious user to a target Google Home device.

The researcher posted three proofs of concepts (PoCs) for the behaviors mentioned above on GitHub. However, the most recent firmware upgrade should prevent them from functioning on Google Home devices.

Google

The PoCs go beyond creating a rogue user by allowing microphone eavesdropping. Also, arbitrary HTTP requests on the victim’s network, and arbitrary file reading/writing on the target device.

The Google Home speaker may perform operations like activating smart switches, making online purchases, remotely unlocking doors and automobiles, or covertly brute-forcing the user’s PIN for smart locks when a rogue account is connected to the target device.

Google Home Speakers performs various operations

What’s more concerning is that the researcher discovered a way to misuse the “call [phone number]” command by incorporating it into a malicious code that activated the microphone at a predetermined time, called the attacker’s number, and sent live microphone feed. The only sign of anything happening during the conversation is when the device’s LED turns blue.

The victim could believe the gadget is upgrading its firmware if they detect it. The typical LED that pulses when the microphone is active does not do so when a call is in progress.

Finally, it can also play music, rename, reboot, erase any saved Wi-Fi networks. Moreover, force new Bluetooth or Wi-Fi pairings, and perform other operations on the hacked smart speaker.
In March 2021, Kunze supplied more information and proof of concepts after discovering the problems in January 2021. Google completed all issues in April 2021.

The update adds a brand-new invite-based method to manage account connections that prevents any tries not already placed on Home. The Local Home SDK was launched in 2020. The scheduled routines were added in 2018, and Google Home was deployed in 2016. Therefore an attacker who discovered the flaw before April 2021 would have had plenty of time to exploit it.

Tags: APIGoogleGoogle Home SpeakersHackers
Tweet54SendShare15
Previous Post

The Ohio Supreme Court rules that insurance policies do not cover software cyberattack

Next Post

Chile Approves Microsoft Activision-Blizzard Acquisition

Sneha Singh

Sneha is a skilled writer with a passion for uncovering the latest stories and breaking news. She has written for a variety of publications, covering topics ranging from politics and business to entertainment and sports.

Recommended For You

Why Home Charging Is Cheaper Than Public Charging

by Samir Gautam
July 6, 2026
0
Why Home Charging Is Cheaper Than Public Charging

The rapid growth of electric vehicles has transformed the way people think about mobility. Instead of stopping at fuel stations every week, many EV owners now begin each...

Read more

OpenID Connect Explained: A Simple Guide to How Modern Login Systems Work

by Sneha Singh
July 6, 2026
0
OpenID Connect Explained: A Simple Guide to How Modern Login Systems Work

Nowadays, most websites and applications allow you to authenticate yourself through your Google, Microsoft, Apple, or Facebook account. Thus, there is no need to come up with a...

Read more

The Paradigm of Privacy Confidential Computing Explained

by Anochie Esther
July 5, 2026
0
confidential computing explained

The multi-billion-dollar global shift toward public cloud ecosystems, edge computing, and distributed artificial intelligence has fundamentally altered corporate digital security. For decades, the foundational framework of computer security...

Read more
Next Post
Microsoft Claims Sony Blocks Games From Coming To Xbox

Chile Approves Microsoft Activision-Blizzard Acquisition

Please login to join discussion

Techstory

Tech and Business News from around the world. Follow along for latest in the world of Tech, AI, Crypto, EVs, Business Personalities and more.
reach us at info@techstory.in

Advertise With Us

Reach out at - info@techstory.in

Aviator Game India 2026

BROWSE BY TAG

#Crypto #howto 2024 acquisition AI amazon Apple Artificial Intelligence bitcoin Business China cryptocurrency e-commerce electric vehicles Elon Musk Ethereum facebook funding Gaming Google India Instagram Investment ios iPhone IPO Market Markets Meta Microsoft News OpenAI samsung Social Media SpaceX startup startups tech technology Tesla TikTok trend trending twitter US

© 2025 Techstory.in

No Result
View All Result
  • News
  • Crypto
  • Gadgets
  • Memes
  • Gaming
  • Cars
  • AI
  • Startups
  • Markets
  • How to

© 2025 Techstory.in

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?