Google denies that its Home Hub is a nightmare for security

GOOGLE REFUSED says his home hub is dangerously unsafe after discovering that it was easy to extract information from the smart device.

Security boffin Jerry Gamblin presented a set of instructions that use XML baselines to guide potential hackers on how to absorb data from the Home Hub and even tinker with them.

The hacking can be done remotely and is apparently enabled through the use of an undocumented and insecure API.

Gamblin started cracking after connecting a Home Hub to its WiFi network, scanned it and discovered the API and a host of open ports.

"After 15 or 20 minutes of searching, I discovered that you can restart the hub with this unauthenticated curl command: curl -Lv -H Content-Type: application / json –data-raw & # 39; {"params": "now"} http: // hub: 8008 / setup / reboot, "he said.

"After successfully restarting the hub, I was caught off guard and I took a few hours of sleep to do some research and I ended up finding a bunch of" good "information. "

Gamblin said that he was "extremely disappointed" with the security on the Home Hub, especially since, like many of us, he trusts Google for loads of data.

"I am sincerely shocked by the poor overall security of these devices, especially when you find that these parameters have been known for years and are relatively well documented," he added.

So it is not really great to hear about the Home Hub, especially since it is a device rather neat and worthy of your attention.

But Google retorted and said Android Authority hackers are unlikely to cause problems at the Home Hub: "A recent assertion about security on Google Home Hub is inaccurate," he said.

"The mobile apps mentioned in this app are used by mobile apps to set up the device, and they're only accessible if those apps and the Google Home device are on the same WiFi network." has been claimed, there is no evidence that the user's information is in danger. "

According to Google's response, only devices connected to your home network could integrate the Home Hub, which means that if your network is compromised, you probably have bigger security issues.

I am not an IOT security expert, but I am pretty sure that an unauthenticated curl statement should not be able to restart the system. @madebygoogle hub at home. pic.twitter.com/gCWFm5Ofyb

– Jerry Gamblin (@JGamblin) October 27, 2018

We'll let you decide if such issues get you away from the Home Hub, but it's also a good way to make sure your home network and the devices it hosts are secure and do not contain malware. μ

Further reading