August 2015 – Google Watchdog

Google partner Samsung’s “smart” refrigerator turns out to be a hackable refrigerator, too

Posted on August 29th, 2015 by Silicon Valley Sleuthhound

A team of hackers recently discovered a man-in-the-middle vulnerability in a Samsung smart refrigerator that can be exploited to steal Gmail users’ login credentials, The Register reported this week.

Hackers from security company Pen Test Partners discovered the flaw while participating in an Internet of Things (IoT) hacking challenge at the Def Con security conference earlier this month. The smart refrigerator, Samsung model RF28HMELBSR, is designed to integrate the user’s Gmail Calendar with its display. Samsung implemented SSL to secure the Gmail integration, but the hackers found that the device does not validate SSL certificates, opening the opportunity for hackers to access the network and monitor activity for the user name and password used to link the refrigerator to Gmail.

This story neatly demonstrates the folly of adding Internet connectivity to refrigerators, washing machines, toasters, coffeemakers, and other home appliances. Not everything that draws electric current in a home needs to be able to browse the Web and talk to Google’s data centers. But companies like Samsung are so obsessed with catching the next trend in consumer electronics (the next trend being the so-called Internet of Things) that they are adding extra, unnecessary, gee-whiz features to the appliances they’re making.

Our advice: Steer clear of tricked-out, IoT branded home appliances. You’ll save on energy costs, and you won’t end up with a home full of hackable devices in every room.

Big Brother Google gets into the business of making and selling routers

Posted on August 19th, 2015September 4th, 2015 by Silicon Valley Sleuthhound

When it comes to hardware and software, there’s pretty much no device category or software segment the Monster of Mountain View doesn’t want to play in:

Google is making a Wi-Fi router as part of its ambition to provide better Internet connections that make it easier for people to access its digital services and see more of its online advertising.

Pre-orders for the $199 wireless router, called OnHub, can be made beginning Tuesday at Google’s online store, Amazon.com and Walmart.com. The device will go on sale in stores in the U.S. and Canada in late August or early September.

Google is touting the cylinder-shaped OnHub as a leap ahead in a neglected part of technology.

The Mountain View, California, company is promising its wireless router will be sleeker, more reliable, more secure and easier to use than other long-established alternatives made by the Arris Group, Netgear, Apple and other hardware specialists. Google teamed up with networking device maker TP-Link to build OnHub.

This is supposed to be an Associated Press news article? It reads more like a press release!

This being a Google product, it comes with spyware built right in.

Google is pledging not to monitor any of the information transmitted over OnHub except for visits to its search engine or other services, such as YouTube or Gmail, with the user’s online privacy controls set to permit the data collection.

That’s a worthless pledge. Google predictably exempts itself from its own privacy promise, then says, don’t worry, we won’t spy on you when you visit non-Google websites.

We here at LGB prefer not to be spied on by Google at all, and that’s why we don’t use any Google hardware or any of Google’s online offerings.

Good software already exists for upgrading routers, like DD-WRT, for those unsatisfied by what’s provided by the manufacturers of their networking hardware. Most Internet users get their router from their Internet service provider and won’t have any desire to pay Google for the privilege of having a new router that phones home to Mountain View. Tech-savvy users are the only conceivable market for OnHub, and they already have better options right now.

POSTSCRIPT: Ars Technica has a brutal review of the OnHub, which it calls a “mystery box”.

Poor Quality Assurance

Proprietor of leading technology news site: “I No Longer Have Any Trust In The Nest Protect”

Posted on August 17th, 2015September 4th, 2015 by Silicon Valley Sleuthhound

Michael Larabel, who runs the well-known free software news and reviews hub Phoronix, has a post up about an awful experience he recently had with Google-owned Nest’s Protect, a souped-up, Internet-connected smoke detector. Larabel writes:

Earlier this year I wrote about protecting our Linux test farm with the Nest Protect. While I own ten of these “high tech smoke detectors” and initially recommended, I no longer trust them after a long night.

In the middle of the night I was alerted to “smoke in the bedroom” by all ten Nest Protects going off with the alert and siren, plus alerts going into mine and Fataima’s phone. Quickly investigating, there was no smoke to be found in the bedroom or any other room… Nor anything resembling smoke or any other causes for concern. The fire alarms tied to the security system also hadn’t sensed any smoke.

The unit continued to malfunction:

At first pushing the Nest button I thought the silencing worked, but nope, it came back to broadcasting across all of the Nest devices that there was smoke — when there was not. I disconnected that particular Nest Protect from the AC power, took it to another room, still reported smoke. Putting the Nest Protect in a kitchen pot with lid still claimed of smoke and produced warnings… This particular Nest unit was bought just earlier this year and was going insane in the middle of the night.

In the end, Larabel says he had to resort to a sledgehammer (literally) to shut the Nest Protect up. He still doesn’t know what caused the Google-made device to go crazy, and is going to let Nest know what happened. He would be wise to stay away from Nest gizmos in the future.

Larabel is not the only person to have encountered this problem. There is a video on Google-owned YouTube, posted by a Google employee, documenting a malfunctioning Nest Protect. Video creator Brad Fitzpatrick says, “Do not buy a Nest Protect. You will regret it. You can stop or mute this video if it’s annoying, but you cannot stop a Nest.”