With data breaches and leaks concerning quite a few people around the world, developer Jerry Gamblin claimed that he was able to break into the Google Home Hub without much trouble. Google studied the developer’s claims and stated that it was only possible because of an undocumented API that allowed Gamblin to reboot into the Home Hub and erase the wireless network setup and turn off notifications.
Gamblin called out Google for offering “abysmal” security on Twitter. With the developer having over 11,000 followers on Twitter, it caught the attention of quite a few people. He claims that it is not very difficult to hack a Google Home Hub and exploits can be used to run several commands. Gamblin revealed in his blog that he was shocked at how poor the security on the platform was and endpoints that have been known for years could be easily exploited.
I am not an IOT security expert, but I am pretty sure an unauthenticated curl statement should not be able to reboot the @madebygoogle home hub. pic.twitter.com/gCWFm5Ofyb
— Jerry Gamblin (@JGamblin) October 27, 2018
With people all around the world concerned about their online safety, it does not come as a surprise that many were concerned with Gamblin published his findings. However, Google has tried to calm the situation stating "all Google Home devices are designed with user security and privacy top of mind and use a hardware-protected boot mechanism to ensure that only Google-authenticated code is used on the device. In addition, any communication carrying user information is authenticated and encrypted."
It is unknown if users should indeed be concerned about their Home Hub and other smart devices. With Google’s product storing personal details like voice searches, bank details, photos and much more it does leave a cause for concern.
What do you think about the Google Home Hub security flaw discovered by Jerry Gamblin? Let us know in the comments below. If you could share the article online, it would also be great so others can find it too. Come chat with us on Facebook and Twitter.