Researchers show why buying a used Nest may not be such a bright idea

Researchers at security firm TrapX demonstrate how the Nest Learning Thermostat can be used as a beachhead by attackers.

At last year's Black Hat security conference, a team comprised mostly of researchers from the the University of Central Florida set alarm bells ringing when it showed just how easily a hacker could make deep cyber inroads into a smart home using the Nest thermostat . Inspired and curious, researchers at security firm TrapX Security took it upon themselves to put those claims to the test in a real-world scenario.

Before Nest owners panic, know that this exploit is possible only if a hacker gains physical access to your thermostat and dismantles it (you can see a photo of the thermostat's USB port in this story at IFIXIT.com). The TrapX team used Nest's lone USB port to root the device and load custom firmware onto it's Texas Instruments AM3703CUS Sitara processor, just as had been proposed last year by the research team led by University of Central Florida engineering professor Yier Jin. This immediately gave them access to network credentials and some other data that resides on the device in all its unencrypted, plain-text glory. But that's just the tip of the iceberg.

The TrapX folks then proceeded to intercept data coming from other devices on the same network using an ARP (Address Resolution Protocol) spoofing attack, which involves hoodwinking the target devices into communicating with the hacked thermostat.

In plain words, the many connected devices around your smart home are sitting ducks to a hacker in control of your smart thermostat. According to Forbes, TrapX was able to compromise devices as disparate as baby monitors and personal computers using the Nest as a launchpad.

"Once we're inside the network, it's quite trivial to escalate," TrapX executive vice president and general manager, Carl Wright, told the magazine.

But let's not lose sight of the fact that the attack is predicated on the hacker gaining physical access to the thermostat, thereby greatly reducing the possibility of such an attack. You should, however, be extra cautious about who you let near your Nest, or any other smart device for that matter. And do think twice before buying them second hand from someone you don't know. Still worried? Keep calm and follow these 7 steps to keep your smart abode safe .

Why this matters: You would think that the backdoor, which first came to light a year ago, would be slammed shut by now. But before you accuse Nest of being remiss in its duty to protect paying customers, know that there is little the Google-owned company can do because the vulnerability resides in the hardware itself. Moreover, both the original researchers and the TrapX folks are on record as saying that the Nest is a comparatively secure IoT (Internet of Things) device.

That brings us to the larger question: What about all those smart devices that are being built by companies that lack the financial heft of a Nest or a SmartThings? After all, much of the IoT revolution is unfolding on crowdfunding platforms like Kickstarter and Indiegogo. Can we realistically expect such cash-strapped companies to pour whatever little resources they have into making their devices as secure as possible?

Tags Networkingroutersnetworking hardware3CNesthome securityJinTrapX

Show Comments