YouTube player

Matt from down right niffy dot me recently released an article detailing how he discovered an interesting vulnerability in Google’s Home smart speaker. He discovered that you can link a google account to a smart speaker without any authentication. The vulnerability allowed an attacker within wireless proximity to install a “backdoor” account on the device. From there, the attacker is then able to send commands to the device remotely , access the microphone feed and send HTTP requests within the victim’s home network.

This segment was created for the It’s 5:05 podcast