Google's Nest Thermostat can be easily hacked to spy on owners
When Google bought Nest Labs for $3.2 billion seven months ago, I described the move as the start of a home invasion. Google already knows a lot about you, including where you live, what your interests are, and where you go on the Internet and in the real world (via Android). Its acquisition of Nest, which makes smart thermostats and (not so smart) smoke detectors, meant it would potentially also know what you get up to in your own home.
As it turns out, Google using Nest products to find out what customers are doing is just one worry. A team of researchers has discovered an easy hack that allows anyone to gain control of Nest’s smart thermostat and turn it into a spying device which can reveal when you’re at home or away, and even divulge your Wi-Fi credentials.
Yier Jin and Grant Hernandez from the University of Central Florida, along with independent researcher Daniel Buentello, revealed the hack at last week's Black Hat security conference in Las Vegas, and it’s a pretty simple one. Essentially, all the attacker has to do is hold down the power button and insert a USB flash drive in order to enter developer mode. From there, they can load a custom-compiled kernel to gain access to the software protocols used by the device.
Yes, the hacker would need access to your home to do it, but that doesn’t make it any less of a concern -- especially as the whole attack process takes just 10-15 seconds to complete. And of course, there’s the possibility of attackers buying devices, taking control of them, and then selling them on to unwitting customers.
Explaining the methodology, the researchers said, "Although OS level security checks are available and are claimed to be very effective in defeating various attacks, instead of attacking the higher level software, we went straight for the hardware and applied OS-guided hardware attacks. As a result, our method bypasses the existing firmware signing and allows us to backdoor the Nest software in any way we choose". This includes introducing rootkits, spyware, rogue services and other network scanning methods.
"Entering into that mode allows you to upload your own code, your custom code, which allows you to attack existing code, implant your own and reboot normally, but maybe have something else running in the background," Hernandez adds. "We have access to the device on the highest level, and we can send stuff that Nest sends to us as well".