Aaron Ardiri

 

Internet of Things (IoT)
   



2014-09-03
>> GOOGLE NEST GETS HACKED ... KINDA

fear, uncertainty and doubt - this is what security experts promote best.

Google's Nest seems to be the latest in the fray over IoT security and how vulnerable devices are - at this year's Black Hat conference it was shown how easy it was to compromise the commercial product. The immortal words of HAL, the rogue computer who is the main star in the movie 2001: A Space Odyssey, were displayed on the device - which obviously is not part of the standard experience the consumer should have.

Should everyone get into a panic and run around like headless chickens?

Absolutely not - there is one little bit of information that has been left out of the headline but is critical to truly understand the risks and threats specific to this situation:

  • The hackers didn’t show they could hack the device remotely. Rather, they needed the physical access to the device. But that might not be that hard to do. You could buy devices, compromise them, and then put them up on eBay for resale.
    source: http://venturebeat.com/2014/08/10/hello-dave-i-control-your-thermostat-googles-nest-gets-hacked/

More specifically, the "hacker" simply connected a USB cable to the device, put it into developer mode, and was then able to download the code, make changes and push a newer version back onto the device. Generally, rule number one of computer security:

physical access == game over

... and if you think that manufacturers can get out of harm's way by removing the standard USB ports, think again - that's what soldering irons are for. As soon as the electronics are accessible it is a new ball game - but is there really nothing a product manufacturer can do?

The main issue is that many IoT devices at the moment are not implementing the appropriate security measures to protect against intrusion - even simple concepts such as applying digital signatures or other techniques to validate that the code about to be executed on the device has not been tampered with in any way.
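The signature check described above, as an added sketch (not code from Nest, BlackBerry or this post): the device stores only a public key and refuses any image whose signature does not verify, so dumping the device over USB yields nothing that can sign a modified image. To run on the Python standard library alone it uses a Lamport one-time hash-based signature; a product would normally use Ed25519, ECDSA or a stateful hash-based scheme such as LMS, and the firmware bytes and function names here are constructed for illustration.

```python
import hashlib
import secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen():
    """Vendor side: 256 pairs of random secrets; the public key is their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def digest_bits(image: bytes):
    """The 256 bits of SHA-256(image), most significant bit first."""
    d = int.from_bytes(H(image), "big")
    return [(d >> (255 - i)) & 1 for i in range(256)]

def sign(sk, image: bytes):
    """Vendor side: reveal one secret per digest bit (a key signs ONE image only)."""
    return [sk[i][bit] for i, bit in enumerate(digest_bits(image))]

def verify(pk, image: bytes, sig) -> bool:
    """Device side: needs only the public key stored at manufacture."""
    if len(sig) != 256 or not all(isinstance(s, bytes) for s in sig):
        return False
    return all(H(sig[i]) == pk[i][bit]
               for i, bit in enumerate(digest_bits(image)))

def boot(pk, image: bytes, sig) -> str:
    """Bootloader decision: run the image only if its signature verifies."""
    return "boot" if verify(pk, image, sig) else "refuse"

def demo():
    sk, pk = keygen()                                  # sk never leaves the vendor
    firmware = b"thermostat-fw v1.0 (constructed sample image)"
    sig = sign(sk, firmware)
    # Image altered after extraction; whoever altered it has no signing key,
    # so the only signature available is the one for the original image.
    tampered = firmware.replace(b"v1.0", b"v6.6")
    return boot(pk, firmware, sig), boot(pk, tampered, sig)

if __name__ == "__main__":
    print(demo())
```

The check only helps if the bootloader and the stored public key are themselves immutable (for example in ROM or fuses), otherwise the verifier can be replaced along with the firmware.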

Some smartphones (such as BlackBerry devices) have been doing this for years and are considered some of the most secure devices known to man - even with physical access. Sure, the device could be repurposed for something else - but you can guarantee that it wouldn't be usable as originally intended. It is time for product manufacturers to take this seriously.

Is BlackBerry really dead in the water? or... uniquely positioned for the Internet of Things?


 
