>> GOOGLE NEST GETS HACKED ... KINDA
fear, uncertainty and doubt - this is what security experts promote best.
Google's Nest seems to be the latest in the fray of Iot security and how
vulnerable devices are - at this years
it was shown how easy it was to compromise the commercial product. The
immortal words of Hal, the rogue computer who is the main star in the movie
2001: A Space Odyssey
was displayed on the device - which obviously is not part of the standard
experience the consumer should have.
Should everyone get into a panic and run around like headless chickens?
Absolutely not - there is one little bit of information that has been left
out of the headline but is critical to truly understand the risks and
threats specific to this situation:
More specifically, the "hacker" simply connected a USB cable into the device
and put it into developer mode and then they were able to download the code,
make changes and then push a newer version back onto the device. Generally,
rule number one of computer security:
physical access == game over
... and if you think that by removing the standard USB ports manufacturers
can be out of harms way? Think again - that's what soldering irons are for.
As soon as the electronics are accessible it is a new ball game - but
is there really nothing a product manufacturer can do?
The main issue is that many IoT devices at the moment are not implementing
the appropriate security measures to protect against intrusion - even
simple concepts such as applying digital signatures or other techniques
to validate that the code about to executed on the device has not been
tampered with in anyway.
(such as BlackBerry devices) have been doing this for years and are
considered some of the secure devices known to man - even with physical
access. Sure, the device could be repurposed for something else - but
you can guarantee that it wouldn't use usable as originally intended. It
is time for product manufacturers to take this seriously.
Is BlackBerry really dead in the water? or...
uniquely positioned for the Internet of Things?