Google Smart Speaker Wiretap Vulnerability, Researcher Earns $107,500 Reward

<p>Interesting <a href="https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html" target="_blank" rel="noopener">blog post about a guy researching the Google Home smart speaker</a> and ending up with $100,000 from Google.</p><p>Now, in my natural habitat, I don't use this type of devices (surprise?), but wanted to share this because of interesting techniques, which may be used in the future in other contexts. Most interesting to me is the bypassing of the certificate, as the problems he had even with a rooted phone and added <a href="https://mitmproxy.org/" target="_blank" rel="noopener">mitmproxy</a> CA fails with pinned certificates.</p><div class='paywall'><div class='restricted-content'><div class='obfuscate'><p>********* **** ****<a href="#restricted" target="_self" rel="noopener">***** ** **** ** ****</a></p></div></div></div>