Researcher Matt Kunze discovered a bug in Google Home smart speaker that allowed a backdoor account for hackers to spy on users using the Google Home app.
The account could be used to control the smart speaker providing access to the microphone feed and other remote features, according to Bleeping Computer report.
The researcher received $1,07,500 from Google last year for discovering this vulnerability. According to Bleeping Computer, Kunze published technical details of the findings earlier this week.
The rouge or backdoor account uses cloud API (application programming interface) to send commands to the smart speaker. The API allows multiple computer programs to communicate.
As per reports, the hacker can request Google’s server to link the spear using device information, certificate, and cloud ID.
Also read: How to use YouTube’s Queue feature
The researcher discovered the issue in January 2021 and shared details in March 2021. According to reports, the tech giant fixed the issues in April 2021.