The security of our smart home devices and personal data is a big deal. That's why enterprising hackers and security experts are very interested in how secure the latest connected home tech really is.
Earlier this week Jerry Gamblin, who describes himself as a security advocate, problem solver and hacker, started tweeting out his findings after spending a couple of nights looking into the Google Home Hub smart display's security.
He tweeted: "I have spent the last two evenings looking at the security of the new Google Home Hub, and it is beyond dismal. It allows near full remote unauthenticated control by an (undocumented) API."
When he refers to "control" he means things like rebooting the device and controlling settings and notifications, not access to personal data captured by Google Assistant. Still, Gamblin was able to use pieces of the Home Hub's code to gain access to it, albeit on the same Wi-Fi network. No word on whether the same vulnerability affects the JBL Link View and Lenovo Smart Display.
Google isn't having it, though, as a spokesperson told CNET that: "A recent claim about security on Google Home Hub is inaccurate. The APIs mentioned in this claim are used by mobile apps to configure the device and are only accessible when those apps and the Google Home device are on the same Wi-Fi network. Despite what's been claimed, there is no evidence that user information is at risk."
Google also pointed out that user information is protected via authentication and encryption. But it seems that, once again, it's the security of the Wi-Fi network that's most important here. For what it's worth Gamblin's response to the Google response was to quote tweet: "OH THEY BIG MAD!!!!" We like this guy.