> So yes, you could make them play loud music, or make me miss my alarms.
Isn't that bad enough? I would be fairly pissed if someone do that. If someone hijack my device in the middle of night and start streaming loud music, I would be pretty pissed.
Maybe not so much for alarms, though (As current design, if network goes out, alarm won't sound, so better to have backup anyways.)
I'm mainly questioning Google's decision of why they designed the device to scream out loud "hey I'm here, and I can be hijacked!" while sporadic outage of the internet is not that uncommon in residential setting where it is mainly targeted for.
And remember, those devices (especially Google Home) are capable, and often used to capture more than a directive of streaming media. Asking for your schedule, making a phone call, etc.
> And remember, those devices (especially Google Home) are capable, and often used to capture more than a directive of streaming media. Asking for your schedule, making a phone call, etc.
But that's not super exploitable even with a hijack. You can know I asked for my schedule if you took control of my device, and feed me a fake one, but the work to make that useful rather than just a dead giveaway that something is wrong is non-trivial, and involves getting a bunch of personal info more worrying than the hack itself.
And you can know I tried to call a particular named contact, but again doing much with that is non-trivial.
Well, you can ask more specific questions, not just "what's my schedule" -- it is true but mileages may vary how much of information you can get out of hijacking. Since all the words followed by "Ok Google" will be captured and saved to attackers' Google account.
Regardless of impact this problem may exhibit, my point still stands that it shouldn't be hijackable, let alone at this ease.
Isn't that bad enough? I would be fairly pissed if someone do that. If someone hijack my device in the middle of night and start streaming loud music, I would be pretty pissed.
Maybe not so much for alarms, though (As current design, if network goes out, alarm won't sound, so better to have backup anyways.)
I'm mainly questioning Google's decision of why they designed the device to scream out loud "hey I'm here, and I can be hijacked!" while sporadic outage of the internet is not that uncommon in residential setting where it is mainly targeted for.
And remember, those devices (especially Google Home) are capable, and often used to capture more than a directive of streaming media. Asking for your schedule, making a phone call, etc.