Google calls Home Hub security claims ‘inaccurate’
June 24, 2019
Jerry Gamblin, a popular hacker and self-professed security advocate, posted a blog onto his site detailing security vulnerabilities in the new Google Home Hub. The Home Hub is Google’s recently released smart display that combines the voice controlled functionality of a smart speaker with a touchscreen for watching videos or scrolling through recipes.
Gamblin tweeted out his findings:
Another of his tweets called the Home Hub’s security ‘dismal.’ In short, Gamblin found that you could use pieces of the Home Hub’s code to remotely control the device and potentially put a user’s information at risk. Gamblin didn’t access specific user information in his hack, but he was able to remotely reboot the device, erase certain settings, and turn off notifications.
Google has responded to Gamblin’s work. A spokesperson pointed out to CNET that by his own description, Gamblin is not a security expert. The spokesperson emphasized that ‘Despite what’s been claimed, there is no evidence that user information is at risk.’
Here is Google’s full statement on the issue:
‘All Google Home devices are designed with user security and privacy top of mind and use a hardware-protected boot mechanism to ensure that only Google-authenticated code is used on the device. In addition, any communication carrying user information is authenticated and encrypted.
A recent claim about security on Google Home Hub is inaccurate. The APIs mentioned in this claim are used by mobile apps to configure the device and are only accessible when those apps and the Google Home device are on the same Wi-Fi network. Despite what’s been claimed, there is no evidence that user information is at risk.’
To access the code Gamblin used, you’d have to be on the same Wi-Fi network as the Home Hub. Plenty of smart home devices would be vulnerable if a hacker gained access to your Wi-Fi network. Since you can make purchases and store calendar information with the Home Hub, it’s a good idea to secure your Wi-Fi.