One hacker is ‘shocked’ at vulnerabilities in the Google Home Hub

google home hub review 1
Greg Mombert/Digital Trends

One of the hurdles to the adoption of smart speakers is the worry that the digital assistants they carry and their accompanying hardware are prone to invasion. Naturally, manufacturers say they’re perfectly safe. But this week, one popular hacker disagrees.

Jerry Gamblin created a detailed post this week that reveals some limited but potentially harmful weaknesses in the Google Home platform. The research revealed that at least until Google puts in a fix,  the Google Home Hub can be controlled remotely using an unsecured application program interface (API) that was originally discovered in Chromecasts.

Google says the API is there for setting up the device and does not expose user information, while its primary use is to communicate with other devices. But Gamblin clearly states that his hypothesis is that these weaknesses are well known to Google.

“I am genuinely shocked by how poor the overall security of these devices are, even more so when you see that these endpoints have been known for years are relatively well documented,” he writes. “I usually would have worked directly with Google to report these issues if they had not previously disclosed, but due to the sheer amount of prior work online and committed code in their own codebase, it is obvious they know.”

The hack isn’t all-inclusive to commands for the Google Home Hub but it’s definitely a security risk. The commands that Gamblin details could enable anyone to restart the entire Home Hub, delete the currently configured wireless network or disable notifications, such as those attached to safety devices like locks and alarms.

Android Authority reached out to Google, which said:

“All Google Home devices are designed with user security and privacy top of mind and use a hardware-protected boot mechanism to ensure that only Google-authenticated code is used on the device. In addition, any communication carrying user information is authenticated and encrypted.

A recent claim about security on Google Home Hub is inaccurate. The APIs mentioned in this claim are used by mobile apps to configure the device and are only accessible when those apps and the Google Home device are on the same Wi-Fi network. Despite what has been claimed, there is no evidence that user information is at risk.”

So basically, Google is confirming what Gamblin claims, but is warning people to keep their home network from being compromised.

Product Review

4K in home security is finally here, thanks to Arlo’s Ultra UHD smart cam

The 4K home security camera is finally here! Class-leading image clarity and a super-wide field of vision makes Arlo Ultra an early contender for the year’s best smart cam. While there are definite quirks to the device, the device…
Product Review

You won't buy Microsoft's Surface Hub 2S, but it could still change your life

The Microsoft Surface Hub 2S wants to change the way you collaborate at work. That’s a lofty goal most devices fail to achieve, but the unique Hub 2S could be an exception. And trust us – you’re going to want it.
Mobile

Apple adds Confirm Subscription prompt on iOS to prevent accidental sign-ups

Apple added a Confirm Subscription prompt for in-app subscriptions. This will help prevent accidental sign-ups for iOS device owners, and will also protect them against apps that try to trick users into confirming in-app subscriptions.
Computing

Apple may take Face ID to the next level, scan retinas for increased security

Apple might take Face ID to the next level in an upcoming device update as new patent filings show the company exploring retina scanning, which might bring an additional layer of security to the platform.
Deals

Amazon slashes Easter Week prices for Dyson vacuums and air purifiers

Amazon slashed the prices on many Dyson high-tech products, including vacuum cleaners, air purifiers, and more for Easter Week. Dyson's premium household tools attract millions of fans and Amazon took deep discounts on popular products.
Smart Home

What you need to know before buying a new washer and dryer

Washers and dryers are big, expensive appliances that you'll want to last for decades. Our buying guide will help you sift through all the options and find the best machines for you.
Deals

Amazon and Best Buy halve the price of the Facebook Portal for Mother’s Day

Amazon and Best Buy both cut the price in half for the Facebook Portal smart display for Mother's Day. The Portal's smart camera will follow you as you move around the room during video calls. The Portal also has Amazon Alexa built in.
Smart Home

From the kitchen to the bedroom, here are the best Alexa tips and tricks

Amazon's voice assistant Alexa has plenty of neat skills. So many, in fact, it seems like new ones appear every day. We've rounded up the top Echo tips and tricks to help you get the most out of your virtual assistant.
Smart Home

Ring home security system now works as a hub for smart home devices

Ring is helping the issue of smart home fragmentation with its Works With Ring program. It lets thousands of smart home devices built on Z-Wave connect to Ring's Alarm Base Station.
Smart Home

Philips Hue users can activate their favorite routines through Google Home

Philips Hue expanded its Google Home integration through the Gentle Sleep and Wake routine. Just give Google the proper instructions are your lights will brighten or dim over half an hour.
Smart Home

There will be 200 million smart speakers by year’s end, analysts say

A new report by the research and analysis firm Canalys predicts that more than 200 million smart speakers will be engaged by users by the end of 2019, which is a growth of over 82% from last year.
Smart Home

Oh, Zuck, no! Facebook rumored to be creating a voice assistant to rival Alexa

Facebook hasn't been a big player in the smart speaker market, but that may be changing: The social media giant is reportedly working on a digital assistant to compete against Alexa and others.
Smart Home

SMEG debuts colorful dual-fuel Portofino 48-inch ranges for no-compromise cooks

When SMEG launches new kitchen appliances, you can count on retro-classic design, gorgeous high-end finishes, envy-inducing functional wizardry, and lofty prices. This week SMEG launched its Portofino Dual-Fuel 48-inch Pro-Style Range.
Deals

Walmart offers big price cuts on air fryers from La Gourmet and Farberware

Walmart made deep price cuts on air fryers from La Gourmet, Farberware, and others. Air frying is faster, healthier, and easier to clean than traditional deep frying. You also can use most air fryers for baking, roasting, and grilling.