Skip to main content

One hacker is ‘shocked’ at vulnerabilities in the Google Home Hub

Greg Mombert/Digital Trends

One of the hurdles to the adoption of smart speakers is the worry that the digital assistants they carry and their accompanying hardware are prone to invasion. Naturally, manufacturers say they’re perfectly safe. But this week, one popular hacker disagrees.

Jerry Gamblin created a detailed post this week that reveals some limited but potentially harmful weaknesses in the Google Home platform. The research revealed that at least until Google puts in a fix,  the Google Home Hub can be controlled remotely using an unsecured application program interface (API) that was originally discovered in Chromecasts.

Recommended Videos

Google says the API is there for setting up the device and does not expose user information, while its primary use is to communicate with other devices. But Gamblin clearly states that his hypothesis is that these weaknesses are well known to Google.

Please enable Javascript to view this content

“I am genuinely shocked by how poor the overall security of these devices are, even more so when you see that these endpoints have been known for years are relatively well documented,” he writes. “I usually would have worked directly with Google to report these issues if they had not previously disclosed, but due to the sheer amount of prior work online and committed code in their own codebase, it is obvious they know.”

The hack isn’t all-inclusive to commands for the Google Home Hub but it’s definitely a security risk. The commands that Gamblin details could enable anyone to restart the entire Home Hub, delete the currently configured wireless network or disable notifications, such as those attached to safety devices like locks and alarms.

Android Authority reached out to Google, which said:

“All Google Home devices are designed with user security and privacy top of mind and use a hardware-protected boot mechanism to ensure that only Google-authenticated code is used on the device. In addition, any communication carrying user information is authenticated and encrypted.

A recent claim about security on Google Home Hub is inaccurate. The APIs mentioned in this claim are used by mobile apps to configure the device and are only accessible when those apps and the Google Home device are on the same Wi-Fi network. Despite what has been claimed, there is no evidence that user information is at risk.”

So basically, Google is confirming what Gamblin claims, but is warning people to keep their home network from being compromised.

Clayton Moore
Clayton Moore’s interest in technology is deeply rooted in the work of writers like Warren Ellis, Cory Doctorow and Neal…
Home Depot’s Hubspace is a great way to start building your smart home
The Hubspace app shown in front of a living room.

Building a smart home can be intimidating. Not only do you have to figure out which products are best for your needs, but you also need to set them up using an accompanying mobile app and sync them with the rest of your gadgets. It's all a bit confusing for smart home newcomers -- but Home Depot has largely streamlined the process with its Hubspace platform.

Billed as a "smart home platform that makes smart home products easy to set up and control," it sounds like a great fit for smart home newbies. And after going hands-on with a few products in its growing lineup, I can say it definitely hits all the right notes.
Streamlined and simple

Read more
Google rolls out new Nest Cam features to Google Home for web
Nest Cams on a counter.

While many users access Google Home on their smartphone or smart display, the platform is also available via web browser. The web-based Google Home experience wasn't exactly the best way to access your smart devices, but that's rapidly changing as Google rolls out new updates to the client -- the latest of which adds a ton of new ways to access your Nest Cams.

Google began rolling out the update late last week, and most users should now have access to the improved Google Home for web experience. The big draw is access to your Nest Cam history and the option to download clips. Prior to this update, it was impossible to view recorded clips via Google Home for web, forcing you to instead jump into the official Google Home app.

Read more
Echo Hub vs. Echo Show 15: Which is the best smart home gadget?
Amazon Fire TV on Echo Show 15.

The Echo Hub might look like a smart display, but it actually falls into a category of smart home products known as smart control panels. Unlike smart displays, which are jack-of-all-trades entertainment hubs, control panels are designed to give you enhanced control over the rest of your smart home. That's an important distinction, and it's one of the main differences between the Echo Hub and Echo Show 15.

But is the Echo Hub or Echo Show 15 better for your smart home? Here's everything you need to know before making a purchase.
Pricing and design

Read more