Google Home speakers allowed hackers to snoop on conversation

A bug in Google Home smart speaker allowed installing a backdoor account 

It remotely and to turn it into a snooping device by accessing the microphone feed. 

A researcher discovered the issue and received responsibly reporting it to Google last year. 

The researcher published technical details about the finding and an attack scenario

While experimenting with his own Google Home mini speaker, the researcher discovered that new accounts 

Google Home app could send commands to it remotely via the cloud API.

The researcher discovered that adding a new user to the target device is a two-step process 

With this info, they could send a link request to the Google server.

The exfiltration of the local device data and reproduced the linking request.

Force it to forget stored Wi-Fi networks, force new Bluetooth or Wi-Fi pairings, and more.