Skip to main content
  1. Home
  2. Smart Home
  3. News

One hacker is ‘shocked’ at vulnerabilities in the Google Home Hub

By
Greg Mombert/Digital Trends

One of the hurdles to the adoption of smart speakers is the worry that the digital assistants they carry and their accompanying hardware are prone to invasion. Naturally, manufacturers say they’re perfectly safe. But this week, one popular hacker disagrees.

Jerry Gamblin created a detailed post this week that reveals some limited but potentially harmful weaknesses in the Google Home platform. The research revealed that at least until Google puts in a fix,  the Google Home Hub can be controlled remotely using an unsecured application program interface (API) that was originally discovered in Chromecasts.

Recommended Videos

Google says the API is there for setting up the device and does not expose user information, while its primary use is to communicate with other devices. But Gamblin clearly states that his hypothesis is that these weaknesses are well known to Google.

Related

“I am genuinely shocked by how poor the overall security of these devices are, even more so when you see that these endpoints have been known for years are relatively well documented,” he writes. “I usually would have worked directly with Google to report these issues if they had not previously disclosed, but due to the sheer amount of prior work online and committed code in their own codebase, it is obvious they know.”

The hack isn’t all-inclusive to commands for the Google Home Hub but it’s definitely a security risk. The commands that Gamblin details could enable anyone to restart the entire Home Hub, delete the currently configured wireless network or disable notifications, such as those attached to safety devices like locks and alarms.

Android Authority reached out to Google, which said:

“All Google Home devices are designed with user security and privacy top of mind and use a hardware-protected boot mechanism to ensure that only Google-authenticated code is used on the device. In addition, any communication carrying user information is authenticated and encrypted.

A recent claim about security on Google Home Hub is inaccurate. The APIs mentioned in this claim are used by mobile apps to configure the device and are only accessible when those apps and the Google Home device are on the same Wi-Fi network. Despite what has been claimed, there is no evidence that user information is at risk.”

So basically, Google is confirming what Gamblin claims, but is warning people to keep their home network from being compromised.

Editors’ Recommendations

Topics
Clayton Moore
Clayton Moore
Contributor
Clayton Moore’s interest in technology is deeply rooted in the work of writers like Warren Ellis, Cory Doctorow and Neal…
Google rolls out new Nest Cam features to Google Home for web
Nest Cams on a counter.

While many users access Google Home on their smartphone or smart display, the platform is also available via web browser. The web-based Google Home experience wasn't exactly the best way to access your smart devices, but that's rapidly changing as Google rolls out new updates to the client -- the latest of which adds a ton of new ways to access your Nest Cams.

Google began rolling out the update late last week, and most users should now have access to the improved Google Home for web experience. The big draw is access to your Nest Cam history and the option to download clips. Prior to this update, it was impossible to view recorded clips via Google Home for web, forcing you to instead jump into the official Google Home app.

Read more
Echo Hub vs. Echo Show 15: Which is the best smart home gadget?
Amazon Fire TV on Echo Show 15.

The Echo Hub might look like a smart display, but it actually falls into a category of smart home products known as smart control panels. Unlike smart displays, which are jack-of-all-trades entertainment hubs, control panels are designed to give you enhanced control over the rest of your smart home. That's an important distinction, and it's one of the main differences between the Echo Hub and Echo Show 15.

But is the Echo Hub or Echo Show 15 better for your smart home? Here's everything you need to know before making a purchase.
Pricing and design

Read more
The 6 best Echo Hub tips and tricks
The Echo Hub on a stand.

Amazon's first smart control panel, the Echo Hub, is officially here. It's not without a few quirks, but it offers a great way to access all your smart home gadgets in one unified location. Thousands of products can be connected to the panel, and with full Matter support, it's a relatively future-proofed device. If you're looking to get the most out of your new control panel, here's a look at the six best Echo Hub tips and tricks to optimize its performance.
Customize your Echo Hub home screen before you do anything else

There are tons of ways to modify your Echo Hub home screen. After syncing all your smart home devices, you can create a variety of tiles for the home screen that give you quick access to all your features. Take some time to create widgets, shortcuts, and other tiles for your most-used devices and actions, as it'll streamline your smart home and save you the hassle of digging through menus.
Check out all the privacy settings
Like all things Alexa, there are plenty of privacy settings for you to tinker with on the Echo Hub. While the control panel benefits from a microphone button and the option to delete voice recordings, you can also dig into other Alexa settings to ensure your privacy is respected.
Launch Routines directly from the Echo Hub

Read more