At Black Hat, I attended “Smart Nest Thermostat: A Smart Spy In Your Home,” presented by researchers from the the University of Central Florida. From the title, you would think that all Nest users were doomed, but this was far from the case.
In fact, in the first part of the talk the researchers discussed the steps that Nest has taken in securing the device. However, there were some privacy concerns around what data is delivered to the cloud, such as log files and other information that users cannot opt-out of.
The actual hack itself that was demonstrated required not just physical access to the device but also actually opening the device and disrupting the processor pins, which then allows you to load custom firmware onto the device through the USB port.
Therefore, the actual vulnerability isn’t exactly as sensationalistic as you might think. The researchers did show some other potential attack vectors, the most notable being that Nest connects and automatically updates itself. Clearly, this could be a significant issue if the Nest cloud were compromised and all of its customers automatically downloaded malware ridden firmware.
The impact on the trust of the device and company would come into question, so it is definitely critical that Nest keep their cloud infrastructure secure. The researchers plan to make a patch available that will stop the device from sending data to the Nest cloud, but I personally wonder if that might become an attack vector in itself, let alone void any warranty.
You can check out the presentation deck here (PDF).
- Everyday IoT Devices Packed With Alarming Number of Vulnerabilities
- Pineapple Abduction: How Android/SSL Implementation Flaws Could Jeopardize Your Personal Safety
- Data Loss Considered to be Biggest Risk for the Internet of Things
- Why You Should Care About the Apple Backdoor
Check out Tripwire SecureScan™, a free, cloud-based vulnerability management service for up to 100 Internet Protocol (IP) addresses on internal networks. This new tool makes vulnerability management easily accessible to small and medium-sized businesses that may not have the resources for enterprise-grade security technology – and it detects the Heartbleed vulnerability.
The Executive’s Guide to the Top 20 Critical Security Controls
Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].