TrapX Security, a security researcher, is demonstrating how the internet-connected Nest device can be an entry point for hackers into your home. It is important to note that for the hack to actually occur, the would-be hacker must first gain physical access to the device, so the likelihood of this happening organically is low. But as the smart-house market grows, people may buy these hacked devices used on eBay or Craigslist.
TrapX has used information from a study by University of Central Florida engineering professor Yier Jin. The study found that you could gain control of the Linux operating system used by the Nest device and “jailbreak” it through the USB port. By going through the USB port, TrapX was able to find the Wi-Fi password for the network the Nest was hooked up to, and to use ARP (Address Resolution Protocol) to communicate with other devices on the network and gain information from them.
Limitations of this hack include the fact that an enterprise environment would likely have ARP spoofing detection, and that data sent through encrypted channels would be useless to someone relying on ARP.
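A minimal sketch of the kind of ARP spoofing detection mentioned above, added here as an illustration (it is not code from the article, TrapX or the UCF study). The log format, function names and all addresses are constructed for the example, and the first MAC seen for an IP is assumed to be the legitimate one.

```python
from collections import defaultdict

# Constructed sample: one observed ARP reply per line,
# "<seconds> <sender IP> <sender MAC>". Format and addresses are made up.
SAMPLE_ARP_REPLIES = """\
0.0 192.168.1.1 aa:aa:aa:00:00:01
1.2 192.168.1.20 aa:aa:aa:00:00:20
2.5 192.168.1.50 aa:aa:aa:00:00:50
30.1 192.168.1.1 aa:aa:aa:00:00:50
30.9 192.168.1.20 aa:aa:aa:00:00:50
31.0 192.168.1.1 aa:aa:aa:00:00:01
31.4 192.168.1.1 aa:aa:aa:00:00:50
"""

def parse_replies(text):
    """Yield (timestamp, ip, mac) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            yield float(parts[0]), parts[1], parts[2].lower()

def detect_binding_conflicts(text):
    """Flag replies whose MAC differs from the baseline for that IP.

    Assumption: the first MAC seen for an IP is the baseline (trust on
    first use). A legitimate DHCP reassignment would also trigger this,
    so a real deployment needs an authoritative IP-to-MAC source.
    """
    baseline = {}
    alerts = []
    for ts, ip, mac in parse_replies(text):
        known = baseline.setdefault(ip, mac)
        if mac != known:
            alerts.append((ts, ip, known, mac))
    return alerts

def suspect_macs(alerts):
    """Group alerts by the MAC that claimed addresses it did not own."""
    claimed = defaultdict(set)
    for _ts, ip, _known, mac in alerts:
        claimed[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in claimed.items()}

if __name__ == "__main__":
    found = detect_binding_conflicts(SAMPLE_ARP_REPLIES)
    for ts, ip, known, mac in found:
        print(f"{ts:6.1f}s {ip} baseline {known} now claimed by {mac}")
    print(suspect_macs(found))
```

In the constructed sample, a single device answers for both the gateway address and another host, which is the pattern such detection looks for.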
This isn’t an especially terrifying security issue, seeing as it is much more of a “lab” hack. But in a world where the smart home is a growing market, it is cause for concern when many other smart home devices treat usability and accessibility as more important than security.
Link to article with UCF study: http://www.forbes.com/sites/kashmirhill/2014/07/16/nest-hack-privacy-tool/