SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
12 Oct 2017

A touch panel bug turned a Google Home Mini into a creepy surveillance device

The Google Home Mini fits most of the features of the tech giant’s popular Home smart speakers into a $50, four-inch-wide package, except for the larger, $130 version’s better acoustics. But it is still very, very good at listening.

As many as 4,000 Google Home Minis handed out at Made By Google press and pop-up events could have a flaw making them capture virtually all audio around them before uploading the recordings to Google servers, Android Police reported on Tuesday.

According to Android Police’s Artem Russakovskii, he received a demo unit at an October 4th tech press event and installed the device in his bathroom. Two days later on October 6th, he noticed that the Mini was activating repeatedly while he was trying to watch TV. Upon further investigation of his Google account’s My Activity portal, Russakovskii realized the device had transmitted thousands of audio recordings to the company without his knowledge, all of which were available for playback.

That’s a big problem, since smart speakers should never record audio without a specific prompt from the user (“OK Google,” “Alexa,” etc.). Tech companies sucking up large quantities of data indiscriminately without explicit user consent — especially in the intimate environment of one’s home — is one of the primary fears of privacy advocates skeptical smart speakers won’t be abused.

Russakovskii contacted Google PR, which immediately began investigating the issue. The culprit, it seemed, was the device’s touch panel, designed to allow his Home Mini to activate Google Assistant without a verbal command; due to a fault, the device constantly experienced “phantom” touch events that turned the assistant on and began recording.

As a result, virtually everything happening near the Home Mini was recorded. Google responded by issuing a patch that disabled the touch panel’s functionality. While Google distributed up to 4,000 Home Minis at the pre-release events, it’s not clear whether all of them are impacted, and it told Russakovskii other pre-order units for the general retail market were not affected by the bug.

The 4,000 number is likely high. Experts reported their Home Mini’s touch panel functionality was disabled by the patch, but it had “never went crazy and started recording at random.” This little incident just about sums up smart speakers’ potential as a 1984-esque surveillance wet dream. In 2016, the FBI declined to tell Paleofuture whether it had ever wiretapped an Amazon Echo, and in March 2017, Amazon handed over Echo recordings potentially relevant to a murder investigation.


Download SafeUM — communicate privately, without advertising and spam.

Tags:
surveillance Google
Source:
Gizmodo
1872
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015