Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This person is a PHP programmer according to their LinkedIn profile. They are just using the existing OMAPLoader tool and does not seem to have embedded device programming experience. I am not hopeful they will be able to write custom firmware for the thermostats.

LFP



> I am not hopeful they will be able to write custom firmware for the thermostats.

If you read the GitHub Readme (typically a better way to judge a project than stalking someone on LinkedIn) you can see that they didn’t write a custom firmware. They modified the Nest firmware to contact different back end servers.

The firmware is the same (they claim) except for modifications to change which server is contacted. They then built a back end to mimic the original Google serves.


Sounds fishy, if the device allows this sort of fakery, that means the traffic is vulnerable to some sort of MITM attack by DNS poisoning/packet rerouting, which is somewhat disconcerting.


>that means the traffic is vulnerable to some sort of MITM attack by DNS poisoning/packet rerouting

Because it uses https? OP gets around this by manually injecting his certificate, but if you have physical access to a device it's generally considered to be game over in most threat models.


> if the device allows this sort of fakery, that means the traffic is vulnerable to some sort of MITM attack

No. This is a thermostat at your home. It forwards its DNS requests to your router. Feel free to establish whatever security protocols you need there. Or, even better, host your own server.


Personally, I think this might be an even better approach. The Nest Gen1/2 UI was pretty slick. It would be a shame to have to use a custom firmware.


I agree, there's a "hammer and nail" problem here, it's impressive though that he used Ghidra to RE some of the API calls that the Nest binaries are making after having got root access - according to some of what Cody has said in the Reddit thread and on his Discord channel.

I have been working on REing the hardware itself to write drivers directly - for example at https://sett.homes/blogs/updates/the-lcd-display-reverse-eng....

I am designing whole new PCBs that mount in the Nest so that we have 100% firmware control over the device... time will tell if we can do the same thing on the Linux OS that the Nest currently runs on, or if custom hardware will be needed because the OS has too much locked down


I see it as a great starting point.


I agree that it's a great starting point




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: