https://thehackernews.com/2022/12/researcher-uncovers-potential.html
To save you the trouble, here’s the write-up:
https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html
And here’s his published paper: https://arxiv.org/ftp/arxiv/papers/2001/2001.04574.pdf
((I prefer to give credit to the original source rather than just citing echoes from other news outlets.))
Ok, so there are two things to notice here. Firstly, over a 100k USD in bug bounty! Secondly, is really a 100k USD enough when he demonstrated that the entire world had (potential) access for at least two years. Hard to know if it was known or not, as normally with zero days. But Microphone and wiretapping right into the livingrooms of homes with Google Nest devices.
Mind-blowing.
Also, as a last remark, notice how long he had to keep it a secret. Normally you see write-ups within 3 months of fixing the issue.
This deserves more attention and Voilá! They see me bloggin’ they hatin’.
Happy holidays and take care of yourselves fellow people 🙂