Turning Google smart speakers into wiretaps for $100k

I was recently rewarded a total of $107,500 by Google for responsibly disclosing security issues in the Google Home smart speaker that allowed an attacker within wireless proximity to install a “backdoor” account on the device, enabling them to send commands to it remotely over the Internet, access its microphone feed, and make arbitrary HTTP requests within the victim’s LAN (which could potentially expose the Wi-Fi password or provide the attacker direct access to the victim’s other devices). These issues have since been fixed.

Related Keywords

,Google Apis ,Dan Petro ,Bishop Fox ,Google ,Netgear ,Google Inc ,Google Play Services Oauth Apis ,Philips ,Google Home ,Google Home Mini ,Google Homes ,Android Settings ,While Xposed ,Frida Gadget ,Google Play Services ,Google Search ,Voice Match ,Google Assistant ,Protocol Buffers ,Google Cast ,Gonna Give You ,Philips Hue ,Google Nest ,Chrome Devtools Protocol ,Local Home ,Actions Console ,Chrome Devtools Protocol Websocket ,Chrome Devtools ,Nest Hub ,Intended Behavior ,Macbook Pro ,