Google says flaw allowed new home speaker to eavesdrop on users, secretly record conversations

A major flaw has been detected in the newly-unveiled Google Home Mini speaker that allows it to secretly record conversations without users knowing.

Last week, Google showed off its next-generation smart speakers at an event in San Francisco. Following the event, it sent members of the press home with a review unit of the Google Home Mini, expected to launch on October 19.

Android Police tech blogger and founder Artem Russakovskii was the first to discover a bug in the software used by those devices. After using the gadget, he went to his Google activity account page and noticed it was populated with audio clips recorded in his home.

The Google Home Mini saved recordings at times when the wake word “OK Google” wasn’t used. (A wake word typically triggers smart devices like Google Home and the Amazon Echo to start listening to your verbal commands).

It’s not uncommon for companies like Google and Amazon to keep the audio smart speakers hear — but in this case, the device wasn’t activated by the wake word.

“My Google Home Mini was inadvertently spying on me 24/7 due to a hardware flaw,” he wrote on the site.

A Google spokesperson confirmed the issue to CNN Tech and said it stems from the touchpad, known as the activation button, on the devices given to early reviewers.

Unable to fix the glitch with the touchpad, Google has sent out a software update which will now permanently disable it. This means users will only be able to activate the device with voice commands. The volume and on/off buttons on the side of the device will continue to work.

“We take user privacy and product quality concerns very seriously. Although we only received a few reports of this issue, we want people to have complete peace of mind while using Google Home Mini,” the Google spokesperson said.

Because the Google Home Mini ($49) doesn’t officially launch until next week, no paying customers have been impacted.

Meanwhile, it appears the new larger-sized Google Home Max smart speaker ($399) doesn’t have the bug.

But the issue draws attention to the privacy concerns over “always-on devices” that listen for wake words.

“The Federal Trade Commission and Department of Justice should investigate this incident, as well as the general use of ‘always-on’ devices,” Marc Rotenberg, the President of the Electronic Privacy Information Center (EPIC) told CNN Tech.

EPIC has pending complaints with the FTC and DOJ alleging that always-on devices like Google Home, Echo and Siri violate consumer protection law and federal wiretap law.

In the meantime, Google allows users to deactivate any existing Google devices from saving audio recordings via its settings page.