10 comments

[ 4.6 ms ] story [ 31.7 ms ] thread
As much as I distrust these devices, the term “record” here implies the cloud-based transmission thing it does after hearing the wakeword.

It “records” all sound 24/7 to listen for the wakeword(s), naturally. It is just then discarded if one is not detected.

I understand they just added different wakewords (like smoke alarm sounds). I do not think it was streaming audio offsite 24/7, which is what this headline implies.

Headline is a bit misleading.

How do you form an understanding about what it is and isn't recording and/or streaming? What evidence do you consider?
Does anyone know if there an easy way to modify certs on these type of devices to be able to MITM traffic locally?
Depending on how much time you're willing to put in, you could start down the road of hardware hacking. eg:

https://www.youtube.com/watch?v=jK1NWglhpWI

Dumping device firmware:

https://www.youtube.com/watch?v=IadnBUJAvks

There's likely a debug interface(s) on the product PCB, which if you learn to control would likely enable what you want (eventually).

Thanks for the links!

On a side note, it's a shame most universities do not teach CS students much about hardware, hardware security etc

I have one always disconnected on my desk.

After the first couple of days of newness it just didn't provide much value to justify sucking electricty for me

For some reason I can't explain, an unplugged Google Home turned out to be one of my 1yo son's favourite toys. This luckily prevented me from using it for months. :)
> unplugged Google Home

So he talked to it and play that it responds? Similarly to how many kids play that they talk on the phone?

Nop, apparently he likes the shape, texture and weight. He never saw it working.
And now they have a 6% stake in arguably the biggest name in home security, ADT