Exploring Security Issues with Google Home Mini

Location

SU 214

Department

Computer Science

Abstract

Virtual reality, augmented reality, and voice interaction are examples of emerging technologies that are changing people's interactions with the world and their digital experiences. Voice control is the next step in human-machine interaction, thanks to advances in cloud computing, artificial intelligence (AI), and the Internet of Things (IoT). Voice assistants such as Apple's Siri, Google's Assistant, and Amazon's Alexa have evolved because of the extensive use of smartphones. Smart speakers are best employed in a shared, collaborative, semi-private home setting since they are "always-on" and "always listening." In this project, we focused on the network part, where we created an environment in which attacker can sniff and monitor packets and can launch different attacks, including denial of service (DoS), Address Resolution Protocol (ARP) poisoning, man-in-the-middle attack, among others. For this purpose, we set up the virtual environment containing the user, Google Home Mini device, and an attacker machine that launches attacks and monitor traffic. We first performed the reconnaissance and enumeration phases of attacks to select a specific network containing the Google Home Mini device. We try to locate and identify the Google Home Mini device and do banner grabbing, fingerprinting, and port scanning. We also captured Google Home Mini’s traffic in normal circumstances, and we also captured packets between Google Home Mini and other smart devices. We then performed ARP spoofing on the Google Home Mini device, an attack in which the device misidentifies the attacker machine as a routing device or a default gateway. We finally performed API analysis. This Research covers the tasks an attacker might perform to target Google Home Mini devices, including reconnaissance and enumeration, network scanning, target identification, host scanning, port scanning, OS detection, network traffic monitoring and packet capturing between Google Home Mini and other smart devices. Based on the vulnerabilities discovered and the exploitations thereof, we have also included several recommendations to harden the system and countermeasure adversary attacks.

Faculty Sponsor

Manar Mohaisen, Northeastern Illinois University

This document is currently not available here.

Share

COinS
 
May 6th, 10:00 AM

Exploring Security Issues with Google Home Mini

SU 214

Virtual reality, augmented reality, and voice interaction are examples of emerging technologies that are changing people's interactions with the world and their digital experiences. Voice control is the next step in human-machine interaction, thanks to advances in cloud computing, artificial intelligence (AI), and the Internet of Things (IoT). Voice assistants such as Apple's Siri, Google's Assistant, and Amazon's Alexa have evolved because of the extensive use of smartphones. Smart speakers are best employed in a shared, collaborative, semi-private home setting since they are "always-on" and "always listening." In this project, we focused on the network part, where we created an environment in which attacker can sniff and monitor packets and can launch different attacks, including denial of service (DoS), Address Resolution Protocol (ARP) poisoning, man-in-the-middle attack, among others. For this purpose, we set up the virtual environment containing the user, Google Home Mini device, and an attacker machine that launches attacks and monitor traffic. We first performed the reconnaissance and enumeration phases of attacks to select a specific network containing the Google Home Mini device. We try to locate and identify the Google Home Mini device and do banner grabbing, fingerprinting, and port scanning. We also captured Google Home Mini’s traffic in normal circumstances, and we also captured packets between Google Home Mini and other smart devices. We then performed ARP spoofing on the Google Home Mini device, an attack in which the device misidentifies the attacker machine as a routing device or a default gateway. We finally performed API analysis. This Research covers the tasks an attacker might perform to target Google Home Mini devices, including reconnaissance and enumeration, network scanning, target identification, host scanning, port scanning, OS detection, network traffic monitoring and packet capturing between Google Home Mini and other smart devices. Based on the vulnerabilities discovered and the exploitations thereof, we have also included several recommendations to harden the system and countermeasure adversary attacks.