Open the pod bay doors Google ...

Subject: General Tech | November 1, 2018 - 01:56 PM |
Tagged: google, security, iot, Home Hub

There is an undocumented web API in Google's Home Hub which is causing a bit of concern over at The Register and elsewhere.  This mysterious connection is available to anything on the same WiFi network as the Home Hub and it does not check for any authentication or tokens which means anyone connected to your WiFi can successfully connect and start to play with your settings.  Currently there is code which is capable of rebooting the device or to completely delete the current configured network, requiring you to rebuild it from scratch.  That could be very annoying if the delete command is coming from malware already inside the house, as it were. 

Hopefully there will be some basic authentication added ASAP, as that is a very blatant oversight.

View Full Size

"A spokesperson for Google confirmed that any device, computer, or smartphone on the Wi-Fi network of a Home Hub can command the assistant as described above – that includes mischievous malware on a PC, for example."

Here is some more Tech News from around the web:

Tech Talk

Source: The Register

Video News


No comments posted yet.

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <blockquote><p><br>
  • Web page addresses and e-mail addresses turn into links automatically.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.