Authors
Grant Hernandez, Orlando Arias, Daniel Buentello, Yier Jin
Publication date
2014/8/2
Journal
Black Hat USA
Volume
1550
Description
The Nest Thermostat is a smart home automation device that aims to learn a user’s heating and cooling habits to help optimize scheduling and power usage. With its debut in 2011, Nest has proven to be such a success that Google spent $3.2 B to acquire the company. However, the complexity of the infrastructure in the Nest Thermostat provides a breeding ground for security vulnerabilities similar to those found in other computer systems. To mitigate this issue, Nest signs firmware updates sent to the device, but the hardware infrastructure lacks proper protection, allowing attackers to install malicious software into the unit. Through a USB connection, we demonstrate how the firmware verification done by the Nest software stack can be bypassed, providing the means to completely alter the behavior of the unit. The compromised Nest Thermostat will then act as a beachhead to attack other nodes within the local network. Also, any information stored within the unit is now available to the attacker, who no longer has to have physical access to the device. Finally, we present a solution to smart device architects and manufacturers aiding the development and deployment of a secure hardware platform.
Total citations
[Chart: citations per year, 2014 to 2024]
Scholar articles
G Hernandez, O Arias, D Buentello, Y Jin - Black Hat USA, 2014