[ad_1]
One of the barriers to adopting smart speakers is the fear that the digital assistants they carry and the equipment that accompanies them are prone to invasion. Naturally, all manufacturers say they are perfectly safe. But this week, a popular hacker does not agree.
Jerry Gamblin has created a detailed publication this week that reveals some of the limited but potentially dangerous weaknesses of the Google Home platform. Research has revealed that at least until Google puts up a fix, the Home Hub can be remotely controlled with the help of a program interface. unsafe application (API) originally discovered in Chromecasts.
Google indicates that the API is there to configure the device and does not expose the user information, while its main use is to communicate with other devices. But Gamblin clearly states that his assumption is that these weaknesses are well known to Google.
"I am sincerely shocked by the poor overall security of these devices, especially when you find that these endpoints are known for years are relatively well documented," he writes. "I would have usually worked directly with Google to report these problems if they had not already revealed it, but because of the sheer amount of previous online work and code engaged in their own base of code, it is obvious that they know it. "
The hack does not include Google Home Hub orders, but it's definitely a security risk. Gamblin's detailed commands could allow anyone to restart the entire Home Hub, remove the currently configured wireless network, or disable notifications, such as those attached to security features such as locks and alarms. .
Android Authority contacted Google, who said:
"All Google Home devices are designed with security and privacy in mind, and use a hardware-protected startup mechanism to ensure that only Google-authenticated code is used on the device. In addition, any communication bearing user information is authenticated and encrypted.
A recent assertion about security on Google Home Hub is inaccurate. The mobile applications mentioned in this claim are used by mobile applications to configure the device. They are only accessible when these apps and the Google Home device are on the same Wi-Fi network. Despite what has been claimed, there is no evidence that user information is at risk. "
So, basically, Google confirms what Gamblin claims, but warns people not to compromise their home network.
Source link