We need to talk about Google Home Hub’s “beyond dismal” security

The news is quite alarming. Gamblin called security on the new Made by Google Home Hub “beyond dismal” in a blog highlighting several vulnerabilities of the new smart home device. Gamblin, who calls himself a ‘security advocate, problem solver and hacker’, was able to pull important information from the device and, in some cases, even brick it completely. Gamblin wrote in the post: “I am genuinely shocked by how poor the overall security of these devices are, even more so when you see that these endpoints have been known for years and relatively well documented.”

Android Authority reached out to Google for a comment on the allegations and the Mountain View company said that Gamblin’s claims are inaccurate: “The APIs mentioned in this claim are used by mobile apps to configure the device and are only accessible when those apps and the Google Home device are on the same Wi-Fi network. Despite what’s been claimed, there is no evidence that user information is at risk.”

Basically, Google is saying that you’d have to be connected to the same network as the Home Hub for Gamblin’s method to work. So you can hack yourself, but that’s it. Still, it’s something to think about, isn’t it?

Security and privacy is a wider smart home issue

Google is not the only company to have experienced this kind of scrutiny over its security, of course. Back in February, the IT security company ESET published research that raised concerns about devices from Netatmos, D-Link, Nokia, Sonos and Amazon Echo. Samsung SmartThings Hub was found to be wide open to attack in July this year after Cisco Talos' cybersecurity team discovered more than 20 bugs that hackers could utilize.

It’s not only hackers that have made headlines either. Who can forget when, in May this year, an Alexa recorded a private conversation between husband and wife in Portland, Oregon, and sent it to a random number in their address book? Does it still count as hacking if your device did it all by itself?

• Amazon: how much Alexa does the world need?

Research by Statistica states that revenue in the smart home market already amounts to $20.53m in 2018 with the number of active households expected to amount to 56.7m by 2022. Yet, I get the sense that we are racing towards this smart home revolution with the same blind naivety with which we all ended up connected to the Stasi wet dream we call social media.

I was encouraged when Google revealed its Home Hub to find that, unlike the Echo Show and Facebook’s Portal, it didn't feature a camera. I took that, rather optimistically I’ll admit, as a sign that Google was finally coming around to privacy as a legitimate USP. The same does not appear to be true for security.

I can picture a future where solutions to these issues become selling points that make consumers buy one device over another. Am I crazy?

Is it just me who wants to have a serious conversation about both security and privacy before we board this revolution? Let us know what you think in the comments.

Source: TechCrunch