[ElijahLynn]

Was thinking about this the other day, when I heard the assistant trigger when there was _zero_ sound to prompt it. And was thinking of an attack where someone can literrally trigger a listen from outside your house. Especially dangerous because the default on a new Google Home (max hub nest truck whatever they call it) is to not have an audible prompt on a trigger.

So an attacker can literally just listen in with a press of a button. Probably gonna have to turn off this feature altogether for the immediate future.

[sirbranedamuj]

The default _used to be_ to have the sound chime. Then the default changed and it stopped doing it one day. I turned it back on and I'm glad I did - it has so many phantom activations that it's made me even more wary about having them in my house to begin with.

[jmole]

How exactly are they going to listen in? Are they on the other end of the line?

[nateferrero]

If they can get it to listen, they can theoretically have it dial a number

[squarefoot]

Or call for a fake SWAT raid to the same house, so that the owner is either being shot or imprisoned. If that can really be triggered from distance without breaking in, it would make it the perfect revenge weapon.

[Kiro]

Why would you need this hack to Swat someone?

[squarefoot]

I surely don't want to swat anyone. My concern is that someone with the right technology might use (1) this vulnerability to call a raid to an "enemy" from its own assistant without breaking in or leaving digital traces: no fingerprints, no malware installed, essentially no smoking gun, therefore creating a scenario in which the home owner might either be shot during the raid or prosecuted for calling a false alarm.

(1) - and if successful then sell the "service"

[Kiro]

My point is, you can swat someone by just calling the police pretending to be someone else. That's how everyone is doing it already. No need to do it from within the home.