Monday, 25 January, 2016

Nest Thermostat Found To Have Leaked Zip Codes

Image Nest Image Nest
Emely Stone | 23 January, 2016, 03:04

This particular leak of zip codes of the local weather stations might not be all that serious since no personal information were leaked, but it does showcase the challenges involved in ensuring that information remains as secure as possible, with more and more folks plugging in additional smart devices in and around the home. 

"You have a hardware that is incapable, and information that's always being sent to the cloud", Grover said.

The researchers also studied several other smart devices, including the Sharx security camera, a PixStar smart photoframe, and Samsung's SmartThings Hub. The team found that a few gadgets that were checked sent out information in the open. 

"In fact, the weather information is provided by an online weather service, and the geolocation coordinates are for their remote weather stations, not our customers' homes". When setting up the Nest thermostat, users are required to enter a zip code.

However Nest is playing down the leak, saying that the only information revealed was the location of the local weather stations.

Nest thermostat
Image Nest

Researchers at Princeton University have found that, until recently, Alphabet's popular Nest thermostat was leaking the zip code and location of its users over the internet. On the whole, CITP researchers say that "many devices" don't encrypt "at least some" of the details that they transmit over the internet, but encryption may not be enough.

Researchers found that Nest thermostats were leaking zip codes over the Web. The IoT company reportedly quickly patched the flaw when it was notified.

Most popular IoT devices, including Google's Nest Thermostat, have security vulnerabilities, Princeton researchers found. There is, however, some hope in the unified platform that both Apple and Mountain View Internet giant provide for the IoT, which would help standardize communication and security. This data were transmitted unencrypted, or in the clear, meaning that anyone sniffing traffic could have intercepted it, according to the researchers.

At a presentation at the Federal Trade Commission (FTC) PrivacyCon conference, Grover warned that IoT devices can leak sensitive information, including whether device owners are at home and the activities of the device owners.

Nishikori and Goffin advance at Australian Open
On the women's side of the draw, fifth seed Maria Sharapova flexed her muscle in a three set win against the USA's Lauren Davis. No. 15 David Goffin beat No. 19 Dominic Thiem 6-1, 3-6, 7-6 (2), 7-5 - his first win against a top-20 player at a Grand Slam.