Skip to main content
  1. Home
  2. Smart Home
  3. Smart Home News

One hacker is ‘shocked’ at vulnerabilities in the Google Home Hub

By

Greg Mombert/Digital Trends

One of the hurdles to the adoption of smart speakers is the worry that the digital assistants they carry and their accompanying hardware are prone to invasion. Naturally, manufacturers say they’re perfectly safe. But this week, one popular hacker disagrees.

Recommended Videos

Jerry Gamblin created a detailed post this week that reveals some limited but potentially harmful weaknesses in the Google Home platform. The research revealed that at least until Google puts in a fix,  the Google Home Hub can be controlled remotely using an unsecured application program interface (API) that was originally discovered in Chromecasts.

Related: 
Best new movies to stream on Netflix, Hulu, Prime Video, Max (HBO), and more

Google says the API is there for setting up the device and does not expose user information, while its primary use is to communicate with other devices. But Gamblin clearly states that his hypothesis is that these weaknesses are well known to Google.

“I am genuinely shocked by how poor the overall security of these devices are, even more so when you see that these endpoints have been known for years are relatively well documented,” he writes. “I usually would have worked directly with Google to report these issues if they had not previously disclosed, but due to the sheer amount of prior work online and committed code in their own codebase, it is obvious they know.”

The hack isn’t all-inclusive to commands for the Google Home Hub but it’s definitely a security risk. The commands that Gamblin details could enable anyone to restart the entire Home Hub, delete the currently configured wireless network or disable notifications, such as those attached to safety devices like locks and alarms.

Android Authority reached out to Google, which said:

“All Google Home devices are designed with user security and privacy top of mind and use a hardware-protected boot mechanism to ensure that only Google-authenticated code is used on the device. In addition, any communication carrying user information is authenticated and encrypted.

A recent claim about security on Google Home Hub is inaccurate. The APIs mentioned in this claim are used by mobile apps to configure the device and are only accessible when those apps and the Google Home device are on the same Wi-Fi network. Despite what has been claimed, there is no evidence that user information is at risk.”

So basically, Google is confirming what Gamblin claims, but is warning people to keep their home network from being compromised.

Clayton Moore
Clayton Moore
Contributor
Clayton Moore’s interest in technology is deeply rooted in the work of writers like Warren Ellis, Cory Doctorow and Neal…
Topics

Editors’ Recommendations

Your Google TV can now control smart home devices
The Home Panel on Google TV Streamer.

In late September, Google announced a new feature for Google TV called the Home Panel that would make it easier to control all of your (compatible) smart home devices from a single location. The feature first appeared on the Google TV Streamer and then later on Chromecast, but it has now rolled out to Google TVs from other companies including Hisense, TCL, and others.

The Home Panel offers a lot of utility. It shows your lights' current brightness level, the volume level of speakers, and even live streams from security cameras. The demo video Google has on its blog shows that the user can even adjust the thermostat. All of this is done through the remote, so you don't even have to get up off the couch.

Read more
Ikea rolls out Matter support for its Dirigera smart home hub
The Ikea Dirigera Hub on a table.

Ikea already had a surprisingly robust smart home catalog, offering smart blinds, light switches, air purifiers, and a handful of other popular gadgets. It’s now grown even more enticing, as the Dirigera Hub that drives most of the action now offers full Matter support.

As of September 11, all products connected to the Dirigera Hub will work with the interoperability standard. That’s a big win for Ikea, allowing its gadgets to interact with those from other platforms like Apple Home and Google Home. To achieve this, Dirigera is being updated to become a Matter Bridge, allowing it to work with all other Matter products.

Read more
The Google Home app is getting a long-overdue feature
The Google Home logo on a Pixel phone.

According to the sleuths over at Android Authority, the Google Home app is about to get a much-needed feature that I'm honestly shocked hasn't been added yet: a search bar.

If you've never used the Google Home app before, it's sort of the command center for all things smart home in the Google smart home ecosystem. If you only have a few smart home devices, it's easy enough to navigate — but if you have an extensive smart home setup, you could have upwards of 50 devices listed in the app. If you don't take time to organize and label them, it gets unwieldy fast.

Read more