There’s no doubt that we are living in the age of the smart home, and despite misgivings around security issues, the public has largely accepted connected devices with open arms (and wallets).
Unfortunately, it seems some of those misgivings aren’t completely baseless, as developer Jerry Gamblin found he was able to hack into his new Google Home Hub with relative ease.
He claims he was able to do this due to an undocumented API, which allowed him to reboot the Home Hub, erase the wireless network setup, and disable notifications, which is fairly alarming for Home Hub owners.
I have spent the last two evenings looking at the security of the new Google Home Hub, and it is beyond dismal. It allows near full remote unauthenticated control by an (undocumented) API. https://t.co/gsrLoLOtfyOctober 30, 2018
Gamblin also released a video, which appears to show him rebooting the Home Hub remotely:
I am not an IOT security expert, but I am pretty sure an unauthenticated curl statement should not be able to reboot the @madebygoogle home hub. pic.twitter.com/gCWFm5OfybOctober 27, 2018
Hackers gonna hack
Google has denied Gamblin’s claims, telling Android Authority that “all Google Home devices are designed with user security and privacy top of mind and use a hardware-protected boot mechanism to ensure that only Google-authenticated code is used on the device. In addition, any communication carrying user information is authenticated and encrypted.”
How concerned we should be about the security of our Home Hubs and other smart devices is unclear. Are we really surprised that a hacker was able to hack into a smart device?
Of course, it’s worrying when you bring things like personal data including voice searches, photos, and bank details into the mix, but we wouldn’t suggest throwing your Home Hub out the window just yet.