Monday, February 25, 2019

Google's Nest Security Can Listen In By Embedded Microphones

Google’s Nest Security System Is Listening In On You With Embedded Microphones

Surprise! Another smart home device has the ability to spy on people.
I doubt anyone who is reading this will be shocked by this news, but here we go.
Back in early February, tech giant Google announced that Nest Secure, its home security and alarm system, was now compatible with the company’s Home Assistant voice-control function.
Nest Secure has supported Google Assistant integration for quite some time, but with this most recent update, the product is taking that to a new level by turning itself into a Google Assistant speaker. This is just like what the Nest Cam IQ did last year. With the flip of a switch in the Nest app, you can set the Secure as an always-listening Assistant speaker. (source)

The problem?
Nest users didn’t know a microphone existed on their security device, to begin with.
In order to be compatible with a voice control feature, the device would need to have a microphone.

But Google never mentioned there was a microphone embedded in the device.

That important detail was never disclosed in any of the product material for the device, which has been on the market since 2017.

This is the second time Nest made the news this month.

On February 6, owners of Nest security cameras received an email from Google, warning them to secure their login credentials with things like two-factor identification and stronger passwords.
The reason?
The routine security reminder comes after an uptick in Nest camera hacks and even the occasional hoax, many of which have been downright bizarre and creepy: An Illinois family recently had its device breached by a hacker who spewed abusive epithets through the camera’s microphone into their living room, while another criminal peered into a baby’s room in Houston, Texas, for example. (source)

This excerpt from the email was published by Popular Mechanics:
For context, even though Nest was not breached, customers may be vulnerable because their email addresses and passwords are freely available on the internet. If a website is compromised, it’s possible for someone to gain access to user email addresses and passwords, and from there, gain access to any accounts that use the same login credentials. For example, if you use your Nest password for a shopping site account and the site is breached, your login information could end up in the wrong hands. From there, people with access to your credentials can cause the kind of issues we’ve seen recently. (source)

Google has faced criticism in the past for its location data-tracking practices, along with allowing third-party developers to read people’s emails on Gmail, reports CNET.
And, Business Insider reminds us that in 2010, Google acknowledged that its fleet of Street View cars “accidentally” collected personal data transmitted over consumers’ unsecured WiFi networks, including emails.

The Electronic Privacy Information Center (EPIC) has asked the Federal Trade Commission (FTC) to force Google to sell its Nest division and surrender any data that was collected from Nest customers.
In a brief statement on its website, the nonprofit privacy and civil liberties advocacy group said:
Following reports that Google installed secret listening devices in the homes security product Nest, EPIC asked the Federal Trade Commission to require Google to spin-off Nest and to disgorge the data obtained from Nest users. It is a federal crime to intercept private communications or to plant a listening device in a private residence. (source)

No comments: