Google debunks claims its Home Hub is a security nightmare

Click here to view original web page at www.theinquirer.net
Google denies claims it's Home Hub is a security nightmare
Google denies claims it's Home Hub is a security nightmare

GOOGLE HAS DENIED claims that its Home Hub is dangerously insecure after it was revealed that it's easy to yank information off the smart home device.

Security boffin Jerry Gamblin posed a set of instructions that uses basic lines of XML to guide would-be hackers through how to suck data from the Home Hub and even brick it.

The hack can be carried out remotely and is apparently enabled thanks to the use of an undocumented and unsecured API.

Gamblin got cracking with the hack after he connected a Home Hub to his WiFi network, scanned it and discovered the API and a slew of open ports.

"After spending 15 or 20 minutes looking I found that you can reboot the hub with this unauthenticated curl command: curl -Lv -H Content-Type:application/json --data-raw '{"params":"now"}' http://hub:8008/setup/reboot," he said.

"After I was able to get the Hub to reboot I was hooked and gave up a few hours of sleep to do some research and ended up finding a bunch of "good" information."

Gamblin noted he was "extremely disappointed" with the security on the Home Hub, especially as he, like many of us, trust Google with bucket loads of data.

"I am genuinely shocked by how poor the overall security of these devices are, even more so when you see that these endpoints have been known for years and relatively well documented," he added.

So that's not exactly great to hear about the Home Hub, especially as it's a rather neat device worthy of your attention.

But Google has retorted and told Android Authority that the Home Hub isn't at risk from hackers: "A recent claim about security on Google Home Hub is inaccurate," it said.

"The APIs mentioned in this claim are used by mobile apps to configure the device and are only accessible when those apps and the Google Home device are on the same WiFi network. Despite what's been claimed, there is no evidence that user information is at risk."

According to Google's response, only devices connected to your home network would be able to chip into the Home Hub, which means if you're network has been compromised, you've probably got bigger security problems.

We'll leave it up to you to decide if such an issues puts you off the Home Hub, but it's also a good nudge to make sure your home network and the devices on it are secure and not harbouring malware nasties. µ

Leave a Reply

Your email address will not be published. Required fields are marked *