Sign up to our newsletter
Yet another “connected” device was outed as a potential spy this week – as researchers showed how Google’s Nest thermostat could be turned into a “fully-fledged spying device”.
Tom’s hardware acknowledged that Nest, designed by Tony Fadelll, a product expert known as “the father of the IPod” is among the more secure connected devices – but said that physical access could turn it into a spy device which could inform attackers of when you were home – and provide access to the home Wi-Fi credentials.
The result: “A house fully controlled by the attackers.”.
The researchers say that measures put in place to prevent wireless hacks against the Internet of Things icon actually allow a simpler, wired hack by pressing the power button, then inserting a USB Flash Drive. “However, the smartness of the thermostat also breeds security vulnerabilities, similar to all other smart consumer electronics.”
The hack is not the first against Google’s successful Internet of Things thermostat device – and like the earlier attack, it requires physical access to the Nest.
Yahoo News reports, though, that the scope of the attack is wide-rangng: “”Entering into that mode allows you to upload your own code, your custom code, which allows you to attack existing code, implant your own and reboot normally, but maybe have something else running in the background. We have access to the device on the highest level, and we can send stuff that Nest sends to us as well.”
Nest has previously been hacked, again using a USB device – allowing “total control” over the gadget. Any attacker would need physical access to the device, but once installed, the proof of concept code would allow an attacker to “make changes without ANY restrictions”,the researchers write.
ESET’s 2014 Mid-Year Threat Reportis to discuss the increasing security concerns over internet-connected devices in a segment entitled, “The Internet of (Infected) Things”. The full talk is available to download viahttps://www.brighttalk.com/webcast/1718/110971.
Author Rob Waugh, We Live Security