Google Home Mini Speaker Discovered Eavesdropping on Home User

Of all the potential horror stories that dissuade users from adopting Internet of Things (IoT) devices, one of the most common is the unauthorized monitoring of their private lives. One similar incident involving Google’s Home Mini speaker was discovered by Artem Russakovskii of Android Police, who reported that the device was listening and recording all the sounds it picks up in its vicinity.

The Home Mini speaker was just recently unveiled during an event in San Francisco, which was attended by members of the media. The bug was discovered after Russakovskii, who was given a review unit, started noticing unusual behavior with the device, such as constantly interrupting TV shows to answer unrequested queries. After checking his Google activity page, Russakovskii noticed audio clips recording the sounds in his home. While it’s normal for clips of audio queries to be recorded, other sounds in the house are not.

Google was contacted regarding this matter, and the company identified the problem as being related to the touch panel, which is used to activate the Assistant via a long press. Google has already updated the Home Mini speaker’s software to disable the functionality that causes the bug. All the Home Mini speaker's recordings uploaded to Google's services have also been deleted.

It’s also fortunate for both Google and potential buyers that this bug—which was found in early-release units for press and reviewers—was caught this early, as the Home Mini speaker will not officially hit stores until October 19. Still, this incident shows that there are still many issues that plague IoT devices, one of which is the issue of privacy.

Although this bug was clearly non-malicious, IoT devices have had a history of being used for malicious purposes. Perhaps the most notorious of which was the Mirai botnet, which turned infected devices into "zombies" for a botnet. 2017 saw the rise of Persirai, another botnet that used IP cameras to pull off Distributed Denial-of-Service (DDoS) attacks.

The Google Home Mini is an example of a voice-enabled device that's often integrated into homes for controlling home functions. Unfortunately, this functionality brings about potential security and privacy problems, especially if an attacker manages to gain control of one. Manufacturers also often use these devices to collect and store data, including voice and sound files as well as user habits, sometimes without knowledge from the user.

While the Google Home Mini speaker issue was due to a manufacturer error, users themselves can protect themselves from IoT-based attacks by implementing a few easy security measures:

  • Many users tend to stick with the default password in their device interface. Even just changing these passwords to stronger ones will prevent a large number of attacks from occurring.
  • Updating the software of their devices will help ensure that attacks exploiting unpatched vulnerabilities and system flaws will be minimized.

Connected devices can be protected using security solutions such as Trend Micro Home Network Security, which can check internet traffic between the router and all connected devices.  It comes with web protection and deep packet inspection, leveraging the right capabilities that can weed out potential threats before they enter the home.

HIDE

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.

Veröffentlicht in Vulnerabilities & Exploits