The Inquirer-Home

Hackers root Google's Nest thermostat in 15 seconds

Firm advises buying one of its security cameras
Mon Aug 11 2014, 16:33

nest-thermostatGOOGLE'S NEST THERMOSTAT has been rooted by hackers at the Black Hat Conference in Las Vegas.

In the demonstration that the team has replicated on Youtube, Daniel Buentello from the University of Central Florida shows how he is able to gain root access and remote control over a Nest thermostat via USB in 15 seconds.

The smart thermostat maker, which was bought by Google earlier this year for $3.2bn, has been made the focal point of the "Works with Nest" programme, an Internet of Things initiative that allows a growing number of household appliances to interact.

Speaking to the conference, Buentello pointed out, "This is a computer that the user can't put an antivirus on. Worse yet, there's a secret back door that a bad person could use and stay there forever. It's a literal fly on the wall."

While The INQUIRER does not condone Buentello's use of the word "literal", he made a valid point. If this is the hub device of our automated home, then a rogue element could leave in the realms of dystopian Sci-Fi.

To illustrate the point, Bentello's demonstration changed the display of the Nest to an image of HAL the killer computer from 2001, with the message, "I know that you and Frank were planning to disconnect me, and I am afraid that is something I cannot allow to happen."

A statement from Zoz Cuccias of Nest given to Venturebeat does little to quell the concern, as it turns into a sales pitch. "All hardware devices - from laptops to smartphones - are susceptible to jailbreaking; this is not a unique problem. This is a physical jailbreak requiring physical access to the Nest Learning Thermostat. If someone managed to get in your home and had their choice, chances are they would install their own devices, or take the jewelery."

He went on to suggest, "One of your best defenses is to buy a Dropcam Pro so you can monitor your home when you're not there."

By sheer coincidence, Dropcam was purchased by Nest in June and is part of the "Works with Nest" programme, making it potentially susceptible to malware from a hacked Nest thermostat. µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Internet of Things at Christmas poll

Which smart device are you hoping Santa brings?