Google calls Home Hub security claims 'inaccurate'
After a hacker found vulnerabilities in the Home Hub's code, Google pointed out that you need to be on the same Wi-Fi network to exploit the code.
If you're investing in a smart home , make sure your Wi-Fi network is secure.
Jerry Gamblin, a popular hacker and self-professed security advocate, posted a blog onto his site detailing security vulnerabilities in the new Google Home Hub. The Home Hub is Google's recently released smart display that combines the voice controlled functionality of a smart speaker with a touchscreen for watching videos or scrolling through recipes.
Gamblin tweeted out his findings:
I am not an IOT security expert, but I am pretty sure an unauthenticated curl statement should not be able to reboot the @madebygoogle home hub. pic.twitter.com/gCWFm5Ofyb
— Jerry Gamblin (@JGamblin) October 27, 2018
Another of his tweets called the Home Hub's security "dismal." In short, Gamblin found that you could use pieces of the Home Hub's code to remotely control the device and potentially put a user's information at risk. Gamblin didn't access specific user information in his hack, but he was able to remotely reboot the device, erase certain settings, and turn off notifications.
Google has responded to Gamblin's work. A spokesperson pointed out to CNET that by his own description, Gamblin is not a security expert. The spokesperson emphasized that "Despite what's been claimed, there is no evidence that user information is at risk."
Here is Google's full statement on the issue:
"All Google Home devices are designed with user security and privacy top of mind and use a hardware-protected boot mechanism to ensure that only Google-authenticated code is used on the device. In addition, any communication carrying user information is authenticated and encrypted.
A recent claim about security on Google Home Hub is inaccurate. The APIs mentioned in this claim are used by mobile apps to configure the device and are only accessible when those apps and the Google Home device are on the same Wi-Fi network. Despite what's been claimed, there is no evidence that user information is at risk."
To access the code Gamblin used, you'd have to be on the same Wi-Fi network as the Home Hub. Plenty of smart home devices would be vulnerable if a hacker gained access to your Wi-Fi network. Since you can make purchases and store calendar information with the Home Hub, it's a good idea to secure your Wi-Fi.
Everything Amazon announced in September: From a new Dot to a microwave.
Pixel 3 and Pixel 3 XL: What you need to know about Google's new smartphones