This presentation was created and presented at the virtual conference for BSides San Antonio 2020.

Research on the attack surface during boot/provision for Google Home assistant devices. Not dropping a 0-day but research study of ways to trick the home assistant to return to provision mode allowing an attacker to put the device on a wireless network they control. Google Home, Alexa, other home assistants are making their way into the homes of people without the realization of how an attacker could abuse them. IoT security and privacy are areas of much needed improvement. This talk will cover research into behavior of the Google Home device and ways it can be forced remotely into provisioning mode for attempted manipulation via Wi-Fi. This isn’t a 0-day drop but will provide the attendee with knowledge of tested attack surfaces and the defenses for them.