Home » Google Refutes Reported Home Hub Security Flaw
Business Legal Science Technology Trending

Google Refutes Reported Home Hub Security Flaw

Summary:

Security researcher Jeremy Gamblin discovered a way to brick Google Home Hub by exploiting an ‘€œundocumented (and amazingly unsecured)’€ API. He managed to reboot the device, delete its Wifi network, and disable notifications. Google refutes this security flaw, saying the API mentioned is used by mobile apps to configure the device and only accessible if the device and apps are on the same WiFi network. ‘€œDespite what’€™s been claimed, there is no evidence that user information is at risk.’€

Questions:

  • Should Google add protections from malicious actors even if exploits are difficult?
  • Is gaining access to a password-secured WiFi network authentication enough?

Article:

A security researcher discovered a series of commands that could be used to brick the Google Home Hub. According to Jeremy Gamblin, it’s possible to exploit a “undocumented (and amazingly unsecured)” API. It can be used to force the device to reboot or reveal data about a victim’s network.

Gamblin wrote in a blog post that after he purchased the Google Home Hub and set it up in his home, he noticed a number of open ports being used by the device. Curiosity got the best of him, and he started using the command prompt on his computer to text the smart display’s security. What he found was that it’s possible to force a reboot with a single line of code. After a bit more playing around, Gamblin was able to delete the Google Home Hub’s WiFi network, disable notifications and just generally be a pest.

For its part, Google seems far less concerned about the perceived security flaw than Gamblin. “A recent claim about security on Google Home Hub is inaccurate,” a spokesperson for Google told Engadget. “The APIs mentioned in this claim are used by mobile apps to configure the device and are only accessible when those apps and the Google Home device are on the same Wi-Fi network. Despite what’s been claimed, there is no evidence that user information is at risk.”

Read More: https://www.engadget.com/2018/10/31/google-home-hub-api-security-flaw/

#e9511f36_efe2_466c_9577_750d621ee32f

Related posts

Colorado Elects Nation’s First Openly Gay Governor

admin

Amazon’s HQ2 Spectacle Isn’t Just Shameful-It Should Be Illegal

admin

The Internet Will Be The Death Of Us

admin