Google Home Mini flaw left smart speaker recording everything

Updated: Google has released a firmware update to fix a Home Mini bug that made the device a privacy threat.
Written by Liam Tung, Contributing Writer

Video: Rapid IoT growth creates security headache

Google has fixed a problem with its new Home Mini which made the device record nearly every sound it detected and send it to Google's servers.

Google's new $50 Home Mini has been well received by reviewers, but one of those early reviewers, Android Police founder Artem Russakovskii, discovered a bug that effectively turned the Home Mini it into a spying device.

As Russakovskii explains, he'd placed the Home Mini in his bathroom but soon discovered it was waking up "thousands of times a day" and transmitting recordings to Google.

"My Google Home Mini was inadvertently spying on me 24/7 due to a hardware flaw," he wrote.

Normally the Home Mini and devices like it only wake up the assistant once "OK Google" is detected. However, the Home Mini's Google Assistant feature can also be activated by long pressing the touch panel on top of the device.

Russakovskii discovered and reported the issue to Google two days later, allowing Google to inspect the device and issue a firmware update that disabled the component that caused its hyperactive recording before it reached pre-order customers. The smart speaker is due to ship around 18 October.

Russakovskii has posted a video on YouTube showing the Home Mini activating and recording when it detects almost any sound.

According to Google, a small number of the devices it handed out at the event were registering "phantom" touch events on the touch panel.

Google says in a support note that it's fixed an issue that caused the Home Mini's touch controls to behave incorrectly. A firmware update removed the long press activation feature.

"The Google Home team is aware of an issue impacting a small number of Google Home Mini devices that could cause the touch control mechanism to behave incorrectly. We immediately rolled out a software update on October 7 to mitigate the issue."

"We take user privacy very seriously. We've removed any activity/queries that were created by long pressing the top of a Google Home Mini between October 4 and October 7, when the software update was rolled out."

Google says pre-ordered Home Mini purchases are not affected and that it has completed the roll out of new firmware. This change is also reflected in a separate support note describing the Home Mini's control functions, which says the long press is "temporarily disabled".

Update: Google has now said that it has decided to permanently remove the top tap capability.


A bug effectively turned the Google Home Mini into a spying device.

Image: Google

Previous and related coverage

Google Home Mini sounds great but lacks vision [CNET]

The Google Home Mini sounds better and looks better than the Echo Dot -- but Google needs to innovate if it wants to catch Alexa.

How SMBs can maximize the benefits of IoT initiatives [Tech Pro Research]

IoT isn't just for the big players-in fact, smaller companies often have better agility to implement practical initiatives for both internal operations and commercialized solutions.

IoT in the real world: Five top use cases [Tech Pro Research]

The number and variety of enterprise IoT initiatives are growing, but Gartner says most businesses are still holding back. Here are some compelling use cases and what companies can take away from them.

Read more about Google Home tech

Editorial standards