Disclaimer: We may earn a commission if you make any purchase by clicking our links. Please see our detailed guide here.

Follow us on:

Google News
Whatsapp

Security Expert Received $107,500 for Reporting Google Home Bug

Yusuf Balogun
Yusuf Balogun
Yusuf is a law graduate and freelance journalist with a keen interest in tech reporting.

Join the Opinion Leaders Network

Join the Techgenyz Opinion Leaders Network today and become part of a vibrant community of change-makers. Together, we can create a brighter future by shaping opinions, driving conversations, and transforming ideas into reality.

Matt Kunze, a security research expert, has been reported to have received a total sum of 107,500 US dollars for reporting a critical Google Home bug. IT House reported today that Matt Kunze reported a serious vulnerability of Google Home to Google last year and recently received a high bounty of US$107,500 from Google.

Back in 2021, it was discovered that the Google Home smart speaker has a vulnerability. Attackers can activate the microphone to listen in on user chats and install a backdoor account for remote control using this vulnerability. Earlier this week, Kunz revealed all the technical information on the vulnerability and its potential exploits.

Kunz discovered the local HTTP API port for Google Home while using Nmap. He thus configured a proxy to record encrypted HTTPS traffic in the hopes of stealing user authorization tokens.

The researchers found that adding a new user to a target device involves two steps and calls on the local API of the device, the device name, and a certificate. They can submit a link request to a Google server using this information.

What’s more concerning is that the researchers discovered a way to misuse the “call [phone number]” command by incorporating it into a malicious program that would turn on a microphone at a specific time, call the attacker’s number, and provide a live microphone feed.

In March 2021, Kunz supplied a PoC and further information after learning about the problems in January 2021. In April 2021, Google corrected everything.

Join 10,000+ Fellow Readers

Get Techgenyz’s roundup delivered to your inbox curated with the most important for you that keeps you updated about the future tech, mobile, space, gaming, business and more.

Recomended

Partner With Us

Digital advertising offers a way for your business to reach out and make much-needed connections with your audience in a meaningful way. Advertising on Techgenyz will help you build brand awareness, increase website traffic, generate qualified leads, and grow your business.

Power Your Business

Solutions you need to super charge your business and drive growth

More from this topic