(ReliableNews.org) – As of 2018, roughly 22% of Americans between the ages of 30 to 44 owned a Google Home device, according to Statista. The smart speaker is a competitor of Amazon’s Alexa. Though it has a much smaller market share, 22% is nothing to sneeze at. In 2021, a researcher found a pretty serious bug in the system, which he has now explained in depth.
In January 2021, Matt Kunze was experimenting with his Google Home mini speaker. He noticed that it was really easy to add new users via the app to the device, and linking accounts allowed the person to control the speaker. For example, he said the app’s “routines” feature allowed users to create shortcuts for commands like “turn off the lights” and such. Anyone who had access to the account could send remote commands to the speaker.
Kunze decided to see if he could hack the speaker and control it remotely, essentially simulating a cyber attack. In a blog post published on December 26, he went through the process of how he hacked the device fairly easily and discovered a serious bug that allowed him to gain access to the speaker to use it as a listening device. He pointed out that while he only tested the mini to see if it could be used for nefarious reasons, he believed he could have hacked other models as well.
3⃣ DownRightNifty walks us through their Google Smart Speaker vulnerability that earned them over $100k! https://t.co/uBWA7piXBh
— INTIGRITI (@intigriti) January 4, 2023
The researcher disclosed what he found to Google in March 2021. The next month, the tech company fixed the problem with the speaker. In 2022, Google awarded Kunze $107,500 for the disclosure.
Though Google has reportedly fixed the problem, if users have not updated their devices, they could still be vulnerable. The incident underscores how important it is for Americans to ensure their devices are up to date with the latest software because oftentimes, those updates are sometimes all that is standing between their data and a hacker.
Copyright 2023, ReliableNews.org