- GPS app gave hacker ability to remotely shut off car engines 3 Years Ago
- Scott Walker wore jeans for sexual assault awareness, and Twitter is reminding him of his misogynist past 3 Years Ago
- Hacked Lime scooters make sexual comments to riders Today 3:03 PM
- ‘Bonding’ squanders its potential with weak jokes and limp structure Today 2:49 PM
- The safest place for ‘Game of Thrones’ memes is in the crypts Today 2:23 PM
- Report: Fortnite developer Epic Games is working employees into the ground Today 1:57 PM
- Damian Lillard’s game-winning 3-pointer inspired a plethora of memes Today 12:17 PM
- Gamers are blaming socialism for making the women in Mortal Kombat ‘ugly’ Today 11:36 AM
- Nickelodeon is selling SpongeBob toys based on popular memes Today 11:25 AM
- Alex Jones protests outside the White House by shouting the name of his website Today 11:13 AM
- ‘I Think You Should Leave with Tim Robinson’ has an absurd conclusion for every scenario Today 10:52 AM
- Twitch star TF Blade banned for racial slur—but he swears he didn’t say it Today 10:43 AM
- Steve King says backlash to white nationalism comment was like what Jesus went through Today 10:23 AM
- Netflix movies are still eligible for Oscars, Academy rules Today 10:21 AM
- Sheriff’s deputy makes homophobic comments on Facebook after gay teen’s suicide Today 10:02 AM
Security flaw compromises location of Nest Thermostat owners
Princeton student finds flaw in Nest Labs device.
A security bug discovered by Princeton researchers leaked the location information of Nest Thermostat owners over the Internet.
The Nest Learning Thermostat first launched in 2011, with the company claiming that its Internet-connected data logging and app-like interface could save homeowners money by learning when to adjust itself for maximum energy conservation. Google purchased Nest for $3.2 billion last year, and it is now under the umbrella company Alphabet.
Nest was quick to respond to the Princeton findings, but while the vulnerabilities existed anyone searching through network traffic could obtain this unencrypted information. The vulnerability came from Nest’s weather update feature, which leaked the locations of customer homes.
The findings were discovered by Sarthak Grover, a Ph.D student at the Center for Information Technology Policy at Princeton, and research fellow Roya Ensafi. Grover and Ensafi tested a number of Internet of Things devices for security flaws including Pixstar Smart Photoframe, Ubi voice-control device and Samsung SmarThings Hub. They presented their research last week at PrivacyCon 2016 in Washington D.C.
“The security of the Internet of Things is a huge issue,” EFF Senior Staff Attorney Lee Tien wrote in an email to the Daily Dot. “A lot of IoT devices are small and relatively inexpensive, and might well rely on wifi connections to the cloud. How’s that data going to be secured? Is it encrypted or will it be transmitted in the clear available for processing by anyone who can capture it? Obviously, if I learn that your home thermostat is sitting at 55 degrees in the winter, I can make a good guess about whether anyone’s at home.”
This is not the first security vulnerability from Google‘s sister company, Nest, and its first child, the Nest Learning Thermostat. Last year we reported on a 15-second USB hack that would give hackers full remote controls and access to information on the daily whereabouts of owners.
Even with these findings Grover considered Nest’s Thermostat to be “one of the more secure devices” in his test. It is not the sort of title that would instill confidence in the security of our future technology. So next time you think of making your house a little smarter keep in mind that while some of these devices are smart enough to store your information, they might be missing the part of the brain that keeps it safe from others.
H/T Motherboard | Photo via Nest