• Corpus ID: 14493263

Smart Nest Thermostat A Smart Spy in Your Home

@inproceedings{Hernandez2014SmartNT,
  title={Smart Nest Thermostat A Smart Spy in Your Home},
  author={Grant Hernandez and Daniel Buentello},
  year={2014}
}
The Nest Thermostat is a smart home automation device that aims to learn a user’s heating and cooling habits to help optimize scheduling and power usage. With its debut in 2011, Nest has proven to be such a success that Google spent $3.2B to acquire the company. However, the complexity of the infrastructure in the Nest Thermostat provides a breeding ground for security vulnerabilities similar to those found in other computer systems. To mitigate this issue, Nest signs firmware updates sent to… 

Figures and Tables from this paper

Exploiting known vulnerabilities of a smart thermostat

TLDR
This paper assesses the security of a smart thermostat by using Internet resources for attacks at both the physical level and the network level and suggests that the vulnerability to attack can be further minimized by simply reducing the use of remote storage where possible.

Vulnerability assessment and defense technology for smart home cybersecurity considering pricing cyberattacks

TLDR
These pricing cyberattacks explore the interdependance between the transmitted electricity pricing in the communication system and the energy load in the power system, which are the first such cyber-attacks in the smart home context and show that the proposed countermeasure technique can effectively detect the electricity pricing manipulation.

On Security Threats and Solutions for the Future Smart Home Exploring the Viability of Intrusion Detection in a Centralized Smart Hub Master’s thesis in Computer Systems and Networks

TLDR
The security solution, called the security supervisor, is a network-based solution located in a smart hub which detects malicious activity within a smart home network and argues that a similar platform would be able to contribute to increased security and mitigate many threats towards smart homes.

Security Vulnerabilities of Internet of Things: A Case Study of the Smart Plug System

TLDR
This paper case study a smart plug system of a known brand is case study by exploiting its communication protocols and successfully launching four attacks: 1) device scanning attack; 2) brute force attack; 3) spoofing attack; 4) firmware attack.

Embedded System Security in Smart Consumer Electronics

TLDR
This talk presents the Google Nest Learning Thermostat as an example on how common design practices affect the resulting device and the potential consequences to user security and privacy, and introduces design flow security enhancement methods through which security will be built into the device.

Secure RTOS Architecture for Building Automation

TLDR
This paper systematically analyze biocontainment laboratory control models based on real case scenarios from Biosecurity Research Institute at Kansas State University and presents a vision for a new secure Real-Time Operating System (RTOS) architecture, which leverages various technologies, including microkernel structure, Trusted Platform Module (TPM), proxy-based policy enforcement, and formal verification.

A Dynamic Programming Algorithm for Leveraging Probabilistic Detection of Energy Theft in Smart Home

TLDR
A new dynamic programming algorithm is proposed that inserts the minimum number of FRTUs satisfying the detection rate constraint and can perform FRTU insertion for a large scale power system.

Internet of Things: WLAN Connected Thermostat

TLDR
The relatively low cost of the WiFi module has allowed to show that it is possible to develop low cost connected objects and free them from a central gateway that is found very often in this type of projects.

Security Vetting Process of Smart-home Assistant Applications: A First Look and Case Studies

TLDR
It is shown the current security vetting is insufficient as developer mistakes can not be effectively detected and notified and a weak authentication would allow attackers to spoof the cloud to insert/retrieve data into/from the application endpoints.

Testing And Hardening IoT Devices Against the Mirai Botnet

TLDR
By analysing the Mirai libraries and its attack vectors, this work was able to determine appropriate device configuration countermeasures to harden the devices against this botnet, which were successfully validated through experimentation.
...