Smart Spies: Google Home Eavesdropping

Smart Spies: Google Home Eavesdropping

OK Google, talk to the integer generator. Earcon sound Your random integer is 228, goodbye. Earcon sound I just talked to an apparently normal action
on my Google Home device. After it provided the information I expected,
it said goodbye and played the earcon sound, signalling that the action had stopped. But actually, that sound was recorded and
played to falsely give the impression that the action had ended. Instead, it kept waiting for me to say something
more. This input was then directly transmitted to
the attacker’s server and also called an intent which outputs a short silence and keeps listening
for more than 30 seconds. This is achieved by multiple silent re-prompt
messages, which each wait for 8 more seconds for user response. If I say anything in this time, it will be
again transmitted to the attacker and restarts the intent. So basically, I find myself here in the loop
where the attacker can listen in on my conversation without my knowledge as long as the Google
Home device recognizes speech within a 30 second time frame.

Author: Kevin Mason

10 thoughts on “Smart Spies: Google Home Eavesdropping

  1. Couldn't help but notice that we can't see the LEDs on the device (indicating that it is listening). Do they stay on while your bot is still running? Did you disable them?

  2. Is the google home in this video the one that is running the app? Or is another one in the background doing so? Normally, if it was still listening the LEDs would be illuminated and I cannot see them in the video at any point.

  3. It's weird that she is looking above the camera almost like she's reading a script. Also, she keeps pausing to give the "eavesdropping" GH time to process what she said? I don't know, a lot of this video is just weird and seems a bit fake? Like everyone else is pointing out, LEDs aren't on while she activated the GH. I get that a program like this could probably disable it for when it's trying to trick you into thinking it's not listening, but even at the beginning, using it normally didn't bring the LEDs to life.

  4. They can eavesdrop on me all they want. All I talk about is how much I hate my wife and want to bang the neighbour.

  5. Can you provide a walkthrough how you connected your Google home to your Linux machine and read the log live as you spoke?

Leave a Reply

Your email address will not be published. Required fields are marked *