From VentureBeat:
Hello, Dave. I control your thermostat. Google’s Nest gets hacked
The immortal words of Hal, the rogue computer in 2001: A Space Odyssey, showed up on the display of a Google Nest appliance control system. That’s not supposed to happen.
But hackers at the Black Hat security conference this week made those words appear on a Nest display after they showed how they compromised the device in front of an audience of hundreds. The vulnerability of the Nest device, which can control your thermostat or lighting, shows the flaws in security that could slow down the rush to connect all of our devices to the internet in the so-called “internet of things.” Hacking smart devices was a big theme of this year’s show. [See our photo gallery showing the cultures of Black Hat and Defcon here].
“This goes back to the theme of what are we sacrificing in the name of convenience,” said Daniel Buentello, a student security researcher at the University of Central Florida and one of four presenters who talked about hacking the smart device. “This is a computer that the user can’t put an antivirus on. Worse yet, there’s a secret back door that a bad person could use and stay there forever. It’s a literal fly on the wall.”
Nest uses your home’s sensors to tell when you are home, and it adjusts the temperature to your liking. If you are not home in the afternoon, Nest will put the heater or air conditioner into low-energy mode. It works so well that Google paid $3.2 billion to acquire the company earlier this year.
“If I were a bad guy, I would tunnel all of your traffic through me, sniffing for any kind of credentials like credit cards,” Buentello said. “That’s horrible because if you have a computer, it crashes and you take it to Best Buy. How the hell will you know your thermostat is infected? You won’t.”...MORE