Skip to main content
  1. Home
  2. Smart Home
  3. News

One hacker is ‘shocked’ at vulnerabilities in the Google Home Hub

By
Greg Mombert/Digital Trends

One of the hurdles to the adoption of smart speakers is the worry that the digital assistants they carry and their accompanying hardware are prone to invasion. Naturally, manufacturers say they’re perfectly safe. But this week, one popular hacker disagrees.

Jerry Gamblin created a detailed post this week that reveals some limited but potentially harmful weaknesses in the Google Home platform. The research revealed that at least until Google puts in a fix,  the Google Home Hub can be controlled remotely using an unsecured application program interface (API) that was originally discovered in Chromecasts.

Recommended Videos

Google says the API is there for setting up the device and does not expose user information, while its primary use is to communicate with other devices. But Gamblin clearly states that his hypothesis is that these weaknesses are well known to Google.

“I am genuinely shocked by how poor the overall security of these devices are, even more so when you see that these endpoints have been known for years are relatively well documented,” he writes. “I usually would have worked directly with Google to report these issues if they had not previously disclosed, but due to the sheer amount of prior work online and committed code in their own codebase, it is obvious they know.”

The hack isn’t all-inclusive to commands for the Google Home Hub but it’s definitely a security risk. The commands that Gamblin details could enable anyone to restart the entire Home Hub, delete the currently configured wireless network or disable notifications, such as those attached to safety devices like locks and alarms.

Android Authority reached out to Google, which said:

“All Google Home devices are designed with user security and privacy top of mind and use a hardware-protected boot mechanism to ensure that only Google-authenticated code is used on the device. In addition, any communication carrying user information is authenticated and encrypted.

A recent claim about security on Google Home Hub is inaccurate. The APIs mentioned in this claim are used by mobile apps to configure the device and are only accessible when those apps and the Google Home device are on the same Wi-Fi network. Despite what has been claimed, there is no evidence that user information is at risk.”

So basically, Google is confirming what Gamblin claims, but is warning people to keep their home network from being compromised.

Editors’ Recommendations

Topics
Clayton Moore
Clayton Moore
Contributor
Clayton Moore’s interest in technology is deeply rooted in the work of writers like Warren Ellis, Cory Doctorow and Neal…
How to use the Google Home app on a computer
Google Home icon on home screen.

Google Home makes it easy to manage all your smart devices through your smartphone or tablet. Giving you access to your camera feeds, smart thermostat, smart lights, and more, Google Home is one of the most popular smart home platforms on the market. But while there's a lot to love about Google Home, it lacks full PC support. However, that's slowly starting to change – here's a look at how to use the Google Home app on your PC and control your devices from a larger display.
Can you use the Google Home app on a PC?
Google Home doesn't have a PC app, but it does have a website. Unfortunately, Google notes that Google Home for web is in Public Preview, meaning not all features are available and you may encounter glitches during use. The website is seeing constant updates, so there's a good chance it'll work just as well as the mobile apps in the future. Be sure to check it out regularly to see what's been added.

There are a few other workarounds you can implement to get Google Home on your PC. Read on to learn about the alternatives.
Use Google Home through your Chromebook

Read more
Echo Hub vs. Echo Show 8: Which is the best option for your smart home?
An Echo Hub mounted on the wall near a living room.

The Echo Hub and Echo Show 8 (3rd Gen) are two of the newest products to join the Amazon catalog. Both are designed with large touchscreens and make it easy to access the Alexa voice assistant, connected smart gadgets, and your favorite apps. But while the two share a few similarities, there are big differences between the Echo Hub and Echo Show 8.

Here's a closer look at the Echo Hub and Echo Show 8 to help you decide which is best for your smart home.
Pricing and design

Read more
What is the Amazon Echo Hub?
A person using the Amazon Echo Hub.

Amazon already has a robust lineup of smart displays, but the new Echo Hub is something entirely different. While it looks a bit like an Echo Show, the Echo Hub isn't a smart display -- it's a smart home hub designed to be mounted directly on your wall.

Unlike the Echo and Echo Show products, the Echo Hub isn’t a tabletop device. In fact, you'll need to pay extra for an optional stand just so you can place it on your table or countertop. That's because the Echo Hub is a smart control panel, not a smart speaker or smart display. Amazon bills the Echo Hub as "an Alexa-enabled control panel for your smart home devices." After getting it mounted to your wall, it'll sync up with the rest of your smart home and make it easy to control your various gadgets via its touchscreen.

Read more