Skip to main content
  1. Home
  2. Smart Home
  3. News

One hacker is ‘shocked’ at vulnerabilities in the Google Home Hub

Clayton Moore
By
Greg Mombert/Digital Trends

One of the hurdles to the adoption of smart speakers is the worry that the digital assistants they carry and their accompanying hardware are prone to invasion. Naturally, manufacturers say they’re perfectly safe. But this week, one popular hacker disagrees.

Jerry Gamblin created a detailed post this week that reveals some limited but potentially harmful weaknesses in the Google Home platform. The research revealed that at least until Google puts in a fix,  the Google Home Hub can be controlled remotely using an unsecured application program interface (API) that was originally discovered in Chromecasts.

Recommended Videos

Google says the API is there for setting up the device and does not expose user information, while its primary use is to communicate with other devices. But Gamblin clearly states that his hypothesis is that these weaknesses are well known to Google.

Related

“I am genuinely shocked by how poor the overall security of these devices are, even more so when you see that these endpoints have been known for years are relatively well documented,” he writes. “I usually would have worked directly with Google to report these issues if they had not previously disclosed, but due to the sheer amount of prior work online and committed code in their own codebase, it is obvious they know.”

The hack isn’t all-inclusive to commands for the Google Home Hub but it’s definitely a security risk. The commands that Gamblin details could enable anyone to restart the entire Home Hub, delete the currently configured wireless network or disable notifications, such as those attached to safety devices like locks and alarms.

Android Authority reached out to Google, which said:

“All Google Home devices are designed with user security and privacy top of mind and use a hardware-protected boot mechanism to ensure that only Google-authenticated code is used on the device. In addition, any communication carrying user information is authenticated and encrypted.

A recent claim about security on Google Home Hub is inaccurate. The APIs mentioned in this claim are used by mobile apps to configure the device and are only accessible when those apps and the Google Home device are on the same Wi-Fi network. Despite what has been claimed, there is no evidence that user information is at risk.”

So basically, Google is confirming what Gamblin claims, but is warning people to keep their home network from being compromised.

Editors' Recommendations

Topics
Clayton Moore
Clayton Moore
Contributor
Clayton Moore’s interest in technology is deeply rooted in the work of writers like Warren Ellis, Cory Doctorow and Neal…
Echo Show 8 vs. Nest Hub: Does Amazon or Google offer the best smart display?
Google Nest Hub 2nd Gen on table.

Anyone in the market for a reasonably priced smart display has probably stumbled across the Echo Show 8 and Nest Hub. Both clock in at under $150 (often less when on sale) yet provide homes with many of the same features found on premium alternatives like the Nest Hub Max and Echo Show 10.

But is the Echo Show 8 better than the Nest Hub? And what exactly is the difference between these two smart displays? Here's a comprehensive look at both to help you decide which one to bring into your smart home.
Pricing and design

Read more
Nest Hub Max vs. Echo Show 10: which is the better smart display?
The Nest Hub Max on a table.

The world of smart displays is dominated by two companies -- Amazon and Google. Amazon is responsible for the Echo Show 10, while Google is behind the Nest Hub Max. Both offer large screens, access to a massive roster of apps, and the ability to connect (and control) the rest of your smart home. There are a lot of similarities between the two popular displays, but there are a few key differences you should be aware of before adding one to your home.

Here's a closer look at the Echo Show 10 and Nest Hub Max to help you decide which is best.
Pricing and design

Read more
Nest Hub Max vs. Skylight Cal Max: Which is best for your home?
The Cal Max showing a picture while placed near a shelf.

The Nest Hub Max is one of the most premium smart displays available. Offering a vibrant screen, support for tons of apps, and the ability to sync with Google Home, it's a well-rounded and versatile smart display. The recently revealed Skylight Cal Max is a radically different sort of device -- but it's still contending for the same spot in your kitchen. Instead of offering tons of apps and services, it's a streamlined smart calendar that wants to simplify your life.

Trying to decide between these two premium displays? Here's a look at the Nest Hub Max and Skylight Cal Max to help you figure out which is best for your smart home.
Pricing and design

Read more