Threat actors could exploit a vulnerability in the Google Home smart speaker to facilitate the installation of a backdoor that would access the microphone feed to enable spying, BleepingComputer reports.
Such a flaw was discovered by security researcher Matt Kunze, who noted potential exploitation by listening for MAC addresses with Google-related prefixes, delivering deauth packets to remove the connection between the Google Home speaker and the network, connecting to the device's setup network and seeking for device information, and linking to the internet before using the stolen device info to establish a connection between the attacker's account and the device.
Attackers could also exploit the "call [phone number]" command to enable microphone activation. Three proof-of-concept exploits have been published by Kunze, all of which could not be exploited in Google Home devices with the latest firmware.
Google, which has addressed the issues in April 2021, has provided a $107,500 bounty to Kunze.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news