Security researcher Matt Kunze has received a total of US$107,500 from Google for reporting a critical Google Home bug. IT House reported today that Kunze reported the serious Google Home vulnerability to Google last year and recently received the bounty.
Back in 2021, a vulnerability was discovered in the Google Home smart speaker. Using it, an attacker could activate the microphone to listen in on users' conversations and install a backdoor account for remote control. Earlier this week, Kunze published all the technical information on the vulnerability and its potential exploits.
Kunze discovered the local HTTP API port for Google Home while scanning with Nmap. He then configured a proxy to capture the encrypted HTTPS traffic in the hope of obtaining user authorization tokens.
The researchers found that adding a new user to a target device is a two-step process that relies on the device's local API, the device name, and a certificate. With this information, they can submit a link request to a Google server.
More concerning, the researchers discovered a way to misuse the “call [phone number]” command by incorporating it into a malicious program that would turn on the microphone at a specific time, call the attacker’s number, and provide a live microphone feed.
Kunze learned about the problems in January 2021 and supplied a PoC and further information in March 2021. Google fixed everything in April 2021.