One hacker is ‘shocked’ at vulnerabilities in the Google Home Hub

google home hub review 1
Greg Mombert/Digital Trends

One of the hurdles to the adoption of smart speakers is the worry that the digital assistants they carry and their accompanying hardware are prone to invasion. Naturally, manufacturers say they’re perfectly safe. But this week, one popular hacker disagrees.

Jerry Gamblin created a detailed post this week that reveals some limited but potentially harmful weaknesses in the Google Home platform. The research revealed that at least until Google puts in a fix,  the Google Home Hub can be controlled remotely using an unsecured application program interface (API) that was originally discovered in Chromecasts.

Google says the API is there for setting up the device and does not expose user information, while its primary use is to communicate with other devices. But Gamblin clearly states that his hypothesis is that these weaknesses are well known to Google.

“I am genuinely shocked by how poor the overall security of these devices are, even more so when you see that these endpoints have been known for years are relatively well documented,” he writes. “I usually would have worked directly with Google to report these issues if they had not previously disclosed, but due to the sheer amount of prior work online and committed code in their own codebase, it is obvious they know.”

The hack isn’t all-inclusive to commands for the Google Home Hub but it’s definitely a security risk. The commands that Gamblin details could enable anyone to restart the entire Home Hub, delete the currently configured wireless network or disable notifications, such as those attached to safety devices like locks and alarms.

Android Authority reached out to Google, which said:

“All Google Home devices are designed with user security and privacy top of mind and use a hardware-protected boot mechanism to ensure that only Google-authenticated code is used on the device. In addition, any communication carrying user information is authenticated and encrypted.

A recent claim about security on Google Home Hub is inaccurate. The APIs mentioned in this claim are used by mobile apps to configure the device and are only accessible when those apps and the Google Home device are on the same Wi-Fi network. Despite what has been claimed, there is no evidence that user information is at risk.”

So basically, Google is confirming what Gamblin claims, but is warning people to keep their home network from being compromised.

Product Review

Packed with features, the Ring Spotlight Cam Wired makes home security a breeze

With an integrated spotlight, crystal-clear video, and color night vision, this device makes home security a cinch. Here's why we like the Ring Spotlight Cam Wired as a great choice for outdoor home security.
Product Review

Ring Video Doorbell 2 is the simplest entry into a smarter doorway

The Ring Video Doorbell 2 may lack the style and sophistication of premium door-dingers, but few can match its simplicity and versatility. The device, available in both wired and wireless configurations, is easy to set up and adds instant…
Smart Home

Language barrier? Psh. Here's how to make your Google Home an ace translator

You can now use interpreter mode on your Google Home devices. This means, you can use your Google Home device to translate conversations in real-time. Here's how to use interpreter mode.
Smart Home

Google Home and Amazon Alexa are asking smart home device makers for user info

Google and Amazon want to establish a "continuous flow" of information between their servers and your smart home devices, but companies like Logitech have begun to speak out for user privacy.
Deals

The best Presidents’ Day sales 2019: Amazon, Walmart, Dell, and more

Presidents' Day sales are a great chance to score electronics, clothing, home and office stuff, and other goodies at a discount. We’ve smoked out a large handful of the best of these Presidents' Day deals, from tech to bedding, to help…
Smart Home

Perlick brings a bigger, bolder version of its high-tech fridge to KBIS 2019

Milwaukee-based manufacturer Perlick has been making refrigerators for nearly 50 years. It will be unveiling a bigger, bolder version of its popular column refrigerator at KBIS 2019.
Smart Home

No strings attached: This levitating lamp uses science to defy gravity

Now on Kickstarter, the Levia lamp is a cool industrial-looking lamp which boasts a levitating bulb. Looking for a table light that will dazzle visitors? You've come to the right place.
Deals

Walmart drops prices on Roomba Robot Vacuums for Presidents’ Day

Spring cleaning is just around the corner, and Walmart has already begun dropping prices on Roomba, Shark, and Eufy robot vacuums. For a limited time, you can save as much as $150 on a brand-new iRobot Roomba.
Deals

The best Presidents’ Day vacuum deals: Roomba, Dyson, and Bissell

Amazon and Walmart are offering pretty substantial savings to help kick-start your spring cleaning. Top brands like Roomba, Dyson, and Bissell are dropping prices left and right for Presidents' Day.
Smart Home

After camera hacks, Nest locks customers out until they change their password

Nest is locking people out of their accounts if it believes there may have been a breach. Users will have to set up a new, secure password before they are able to regain access to their account.
Smart Home

Champagne-colored fridges? Talking toilets? All the appliance trends in 2019

Ever wished you had Amazon Alexa in your bathroom or a brightly colored appliance? The Kitchen and Bath Industry Show (KBIS) starts today, and here are some of the trends we expect to see at the show and beyond.
Smart Home

Your office is a mess, and it’s making Marie Kondo cry. Here’s how to tidy it up

Here's how to "Marie Kondo" your office. If you've been inspired to remove clutter and create a minimalistic workspace that makes you happy and helps you focus on what matters, then we have ideas that you'll want to try.
Smart Home

Innit showcases new solutions for LG’s Signature Kitchen Suite at KBIS 2019

LG Electronics has equipped its new Signature Kitchen Suite devices with a host of technologies and guests of KBIS 2019 can check out the company's new innovations from Innit, including new adaptive cook programs.
Smart Home

Leviton’s Wi-Fi Load Center and Smart Circuit Breakers give your home a brain

Is your home ready for a brain transplant? Adding individual smart plugs is quick, easy, and inexpensive, but the benefits are limited to one plug at a time. Leviton's Load Center and Smart Circuit Breakers can give your home a brain.