I’ve authored a proof-of-concept exploit that you can use to target these devices on your home network today. That demo is live at http://rebind.network. Google Home Google Home MiniThe apps used to control Google Home products make use of an undocumented REST API running on port 8008 of these devices (e.g. http://192.168.1.208:8008). The first mention of this service that I’ve been able to find s
![Attacking Private Networks from the Internet with DNS Rebinding](https://cdn-ak-scissors.b.st-hatena.com/image/square/8247331fa024c9ac6152ab156e11418eb20a81e8/height=288;version=1;width=512/https%3A%2F%2Fmiro.medium.com%2Fv2%2Fresize%3Afit%3A1200%2F1%2A8DRmpz8s38Air6_fPNSEKQ.png)