When Google announced its $3.2 billion acquisition of Nest, many users reacted strongly to the idea of Google having access to their information and data, despite both companies claiming that they wouldn’t share any information. The WSJ published a report last month, however, claiming that Nest and Google eventually planned to share some user data between each other. This report only led to even more privacy uproar. Now, a handful of hackers have taken matters into their own hands and have developed a tool to prevent any user data from be sent back to Nest or Google (via Forbes).

Samsung U28E590D 28-Inch 4K Monitor

The hackers claim that the tool does interfere with the features of Nest at all, including all of the “smart” capabilities. The thermostat itself does not offer any sort of ability to turn off sharing data, although users can turn off WiFi. Doing so, however, breaks the ability to operate the device remotely, get software updates, and view energy reports. This tool simply stops data from being sent to Nest or Google. Everything else remains fully functional.

“Using this vulnerability, we can patch the Nest from sending that data to Nest servers. There was no performance impact whatsoever on the unit we tested this on,” said Arias. In a white paper accompanying their presentation, they say the Internet of Things — with its connected devices tying users to companies that can monitor them — means consumers may need to “hack our own purchased devices in order to protect our own privacy and to add features manufacturers do not include.”

Essentially, enabling this feature consists of “jailbreaking” your Nest, although the developers aren’t big fans of that term. Nest will be able to tell when you’ve jailbroken your thermostat, and it may void the warranty. Nest co-founder Matt Rogers is somewhat skeptical about this tool and reiterated that security is one of the biggest focus for the company. Rogers claims that Nest undergoes audits from a variety of external firms, in addition to Google keeping tabs.

Rogers went on to explain the company’s reasoning for not offering the ability to turn off the automatic sending of data to Nest.

“There’s a very small vocal minority who don’t want us to have that data. We give them a lot of value from that data.” He says that the company improves its algorithms – and saves customers money – by being able to analyze behaviors from many different homes. “With our smoke detectors, we found that there’s way more carbon monoxide in homes that anyone realized. We can take that info to regulators. The biggest carbon monoxide survey that ever happened before was hundreds of homes; we have thousands.”

The hackers also discovered a vulnerability that allows someone to hack a Nest if they have physical access to it, but Rogers wasn’t too worried about that, saying it’s a case with any computing device.

About the Author