Matt from down right niffy dot me recently released an article detailing how he discovered an interesting vulnerability in Google’s Home smart speaker. He discovered that you can link a google account to a smart speaker without any authentication. The vulnerability allowed an attacker within wireless proximity to install a “backdoor” account on the device. From there, the attacker is then able to send commands to the device remotely , access the microphone feed and send HTTP requests within the victim’s home network.
https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html
This segment was created for the It’s 5:05 podcast