Expert: Google Home Hub Security ‘Beyond Dismal’

Google Home Hub users are putting themselves at risk, according to one expert. 

Credit: Phil Michaels/Tom's Guide

Security researcher Jerry Gamblin tweeted on Monday that he had spent the last two evenings investigating the security of Google's smart display. The result? "Beyond dismal," according to Gamblin.  

Gamblin explained his results on his personal website. "I was extremely disappointed with the security of these devices especially coming from Google who I trust with so much of my data," he wrote. 

From a remote device, Gamblin was able to reboot the Home Hub by running a single command with no authentication. He could also make it unusable by deleting the Hub's configured network, meaning the user would need to set it up once again from the Google Home application.

Google responded to Gamblin's concerns in a statement to Android Authority:

"A recent claim about security on Google Home Hub is inaccurate," the company wrote. "The APIs mentioned in this claim are used by mobile apps to configure the device and are only accessible when those apps and the Google Home device are on the same Wi-Fi network."

Essentially, Gamblin's hacks are only possible from devices that are connected to the same network as your Google Home Hub, according to the company. So it seems the moral of the story here is that if you have one of these devices, make doubly sure your network is secure.

  • velocityg4
    "A recent claim about security on Google Home Hub is inaccurate," the company wrote. "The APIs mentioned in this claim are used by mobile apps to configure the device and are only accessible when those apps and the Google Home device are on the same Wi-Fi network."

    Which still isn't acceptable. That means anyone using the default settings on the Router from their ISP is at risk from anyone who has been in the house before. Since all they have to do is get the code from the side of the router. This also means the home security can be disabled by anyone you've previously allowed to connect to your home network.

    The device shouldn't allow any login not from a verified device or a proper passcode.

    Frankly I don't have much faith in any of these wireless, cloud connected security solutions. I just can't see them being as reliable as a traditional hardwired system with door and window sensors.