
Security Researcher Exposes Alarming Wiretap Flaw In Google Home Smart Speakers


Hackers could have surreptitiously linked secondary accounts to Google smart home devices, then controlled the devices for nefarious ends.

Google smart home devices are designed to be controlled by phones running the Google Home app. This app communicates with smart devices over HTTPS, which is an encrypted communication protocol. However, the researcher discovered that he could use a rooted Android phone and a script found on GitHub to intercept and decrypt this HTTPS traffic, letting him read the traffic in plaintext form. Then, by reading the communications between his Google Home Mini and his phone running the Google Home app, the researcher was able to determine the precise requests used to add a Google account to a Google smart home device.

Earlier this year, Google awarded a security researcher $107,500 for finding vulnerabilities in the company’s smart speakers. The researcher demonstrated that these vulnerabilities could be leveraged to link secondary accounts to Google smart home devices, then control the devices for nefarious ends, including eavesdropping on the owners of the devices. Fortunately, the researcher reported this vulnerability to Google, rather than abusing it, but there’s no telling whether he was the first to discover and exploit these vulnerabilities.
