Categories: M2MNetworks

Nest Thermostats Accused Of Leaking Information

Google’s Nest smart thermostats have been accused of leaking encrypted information.

Two researchers from Princeton University alleged that post codes related to the homes of Nest users were being broadcast, unencrypted, over unsecured Wi-Fi networks, meaning that nyone passing by the house would be able to access this data fairly easily.

However Nest says that the issue, which it says only related to the ZIP codes of local weather stations, has now been fixed, but the news the second damaging revelation about Nest in a week following a recent bug that drained the device’s battery, leaving users with no heating.

Outed

The leak was found as part of a wide-ranging study concerning the security of connected Internet of Things devices, which discovered a number of other products, including a smart picture frame and video camera, had similar vulnerabilities.

The study, published in a report on Freedom to Tinker and presented at the recent PrivacyCon conference, alleged that the Nest leak originated from an in-built weather update service, which used the location information of the user’s home and local weather stations to display upcoming forecasts.

Sensitive information such as home addresses was already encrypted, but the data collected from local weather stations was not, leaving the latter information open to interception.

“A natural reaction to some of these findings might be that these devices should encrypt all traffic that they send and receive,” the authors wrote. “Encryption may be a good starting point, but by itself, it appears to be insufficient for preserving user privacy.”

Incorrect?

However Nest is playing down the leak, saying that the only information revealed was the location of the local weather stations.

“The authors initially made an incorrect assumption, which we pointed out to them before they presented their report, that the response to the weather update request contains exact location of the customer’s home,” a Nest spokesperson told TechWeekEurope.

“In fact, the weather information is provided by an online weather service, and the geolocation coordinates are for their remote weather stations, not our customers’ homes. The only user information that is contained in the requests is zip code. We have reached out to the researcher to make this clarification update.”

However there are questions as to why Nest is playing down the scale of the leak, as users would surely not be entering more than one ZIP code when setting up their device.

What do you know about the Internet of Things? Take our quiz!

Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.

Recent Posts

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

1 day ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

1 day ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago