Advertisement
Tech

This easy Nest thermostat hack opens your home to attackers

Scary? Yes. Surprising? Not even a little.

Photo of Micah Singleton

Micah Singleton

Article Lead Image

Like most things connected to the Internet, the Nest thermostat can and has been hacked. But this one is so simple, it’s frightening.

Featured Video

At the Black Hat security conference in Las Vegas on Thursday, three researchers revealed how easy it is to infiltrate the device, as reported by Tom’s Guide.

Yier Jin, Grant Hernandez, and Daniel Buentello broke down the process of hacking a Nest, which is much easier and scarier than most would expect. “Based on our analysis, we have figured out a hardware backdoor and through this backdoor we can get remote control of the whole device,” Jin said.

Holding down the home button for 10 seconds and plugging in a USB drive is all it took for the researchers to gain full access to the Nest. While the Nest is usually fully secured, the extended press of the home button forces the device into debugging mode, making it available to receive new commands, this time via a USB drive outfitted with custom firmware.

Advertisement

The USB port is only on the Nest in case firmware updates can’t be sent over the Internet. It only takes 15 seconds for someone to gain full control over your Nest.

At this point, you may ask, why does it matter if someone can hack my Nest? What can they really do with it? Much more than you think.

The Nest is essentially a computer. It contains 2GB of storage, proximity sensors, and mesh and Wi-Fi networking. Combined with its advanced software, and Nest can provide invaluable information to nefarious parties about you and your home. It knows when you’re home and when you go to work. What time you wake up and what time you go to sleep. When you go on vacation. How often you walk by the Nest. Your Wi-Fi password (in plain text), and your zip code.

If hacked, all of that information on a Nest could be rerouted to a third-party, without your knowledge. Security has been one of the biggest issues for the upcoming Internet of Things revolution, and this is a prime example of the potential dangers.

Advertisement

So what did the researchers do after they infiltrated the Nest? They turned it into HAL 9000 from “2001: A Space Odyssey.”

“I know that you and Frank were planning to disconnect me, and I am afraid that is something I cannot allow to happen,” the display read.

But most Nest hacks would not likely be so lighthearted.

H/T Tom’s Guide | Photo via Nest

Advertisement
 
The Daily Dot