Nest Secure Has an Unlisted, Disabled Microphone (androidauthority.com) 207
An anonymous reader quotes a report from Android Authority: Owners of the Nest Secure alarm system have been able to use voice commands to control their home security through Google Assistant for a while now. However, to issue those commands, they needed a separate Google Assistant-powered device, like a smartphone or a Google Home smart speaker. The reason for this limitation has always seemed straightforward: according to the official tech specs, there's no onboard microphone in the Nest Secure system. However, Google just informed us that it is right now rolling out Assistant functionality to all Nest Secure devices via a software update. That's right: if you currently own a Nest Secure, you will be able to use it as a Google Home very soon. That means somewhere in the Nest Guard -- the keypad base station of the Nest Secure -- there might be a microphone we didn't know existed. Either that or your voice commands are going to be heard by another product (like your phone, maybe) but Assistant's output will now come from the Nest Guard, if you happen to be in the range of that device. UPDATE: Google has issued a statement to Android Authority confirming the built-in microphone in the Nest Guard base system that's not listed on the official spec sheet at Nest's site. The microphone has been in an inactive state since the release of the Nest Secure, Google says. This unlisted mic is how the Nest Guard will be able to operate as a pseudo-Google Home with just a software update.
unlisted microphone? (Score:5, Insightful)
look, i just want a warm living room when i come home from work
can we fuck off with this creeping and creepy featuritis?
Re:unlisted microphone? (Score:5, Insightful)
a 'smart' thermostat needs no camera, needs no microphone. needs no 'cloud' backing it up.. just a little locally run code, a source for local weather conditions, forecasts and date/time.. the national weather service and nist (and other countries' equivalents) provide those. for free.. with no creepy factor.
anything that CAN run locally.. SHOULD be run locally. this cloud dependency simply for the sake of 'the cloud' (and data gathering) is total bullshit.
Re: (Score:2)
a 'smart' thermostat needs no camera, needs no microphone. needs no 'cloud' backing it up..
I've frequently controlled my Nest via smartphone from under the warmth+safety of my own duvet covers when it was too cold to get out.
I'm not sure how this would best be done. It can't be via bluetooth (out of range). Doing it via cloud, as Nest does, seemed to work fine. Another option would be if the nest app on my phone is able to seek out local devices on the local area network, I guess like AirPlay and other streaming protocols.
Also, on most vacations, I've realized I forgot to turn down the heating an
Re: (Score:2)
Wifi works fine. There are smart thermostats that use it, just not ad supported ones.
For outside access the company could offer a dynamic DNS service instead of a bunch of cloud stuff.
Re: unlisted microphone? (Score:2)
Plenty companies do use the DDNS feature but thatâ(TM)s LESS secure than a device dialing into a cloud app. At least you can make efforts to keep a central app secure and updated and there is nothing dangling (directly) on the Internet. With DDNS, your device gets anyone direct port/IP access.
Re: (Score:2)
The cloud solution is more secure when you trust the provider. When their business model is spying on you, not so much.
You could use a third party access server too. Emphasis on third party. Someone who gets audited regularly, and whose job is purely to create a secure connection between you and your home, over the internet.
Re: (Score:2)
Yes, and the masses will still purchase and gobble this stuff up so it will become even more pervasive. They just don't care or see the problem with it.
I'm having a hell of a time finding IP cameras that do NOT use the cloud. You can't even tell if you read the specs sometimes.
If I were smart I'd startup a similar company that "features" no cloud connections for the informed market.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
a 'smart' thermostat needs no camera
Depends on how "smart" you expect the "smart" thermostat to be. You use the word "smart" and then describe something incredibly dumb that has existed for years.
Conversely with a camera you can apply image detection to determine if someone is home / away while ignoring disturbances like pets, you know, like someone "smart" would.
Re: (Score:2)
Because a lot of furnaces and almost all air conditioners and heat pump's efficiency changes based on the outside temperature. Because your home isn't 100% insulated, it also affects how much extra heating/cooling is going to be required to raise/drop the house temperature. Not rocket science.
If you wanted a stupid scheduling thermostat, then I suggest buying one of those. I didn't buy a nest thermostat so it could be just a stupid scheduling thermostat.
BTW, this article is on the Nest Secure, not the Nes
Re: (Score:2)
It would be nice if it knew how much oil you had/used, the cost vs electricity and could use whichever system cost less, including overheating the house in anticipation of a cold snap at night, or high freezing winds, etc.
Re: (Score:2)
You don't need the internet for that either, a temperature sensor outside will do. Or for that matter, a humidity sensor indoors.
Re: (Score:2)
Why would it even need weather? It controls the temperature inside the home. All it needs is a schedule and an easy way to override for when you're not going to be there.
To anticipate load and/or pricing spikes. For example, Nest will overshoot (undershoot?) cooling if it sees that the temperature will increase in the next few hours, because overall it's cheaper and more energy efficient to cool in advance and let the temperature gradually rise, rather than play catch up all day.
No, it is not cheaper. It is more expensive. The bigger the temperature difference the bigger the energy leak, so preemptively lowering temperatures will only cause more cold to be leaked, and thus cause a higher energy usage.
Re: (Score:2)
"The bigger the temperature difference the bigger the energy leak" so the preemptive part means the temps are more in line and are closer together. Instead of trying to maintain 73 in a 80 world, while the temp is 76 the house would lower it to 70. Only a 6 degree difference vs the 7 later. So the house could work less to keep the house temp slowly creeping to 73, especially in anticipation of your home arrival.
Re: (Score:2)
" Fourth, pre-cooling or pre-heating beyond 1 hour does nothing at all in most homes."
Guess you've never lived in a nearly non-insulated California home.
that's how they got nixon! (Score:5, Funny)
that's how they got nixon!
Re:unlisted microphone? (Score:5, Funny)
What are the odds that a government, or other state sponsored entity already knew about this... and already updated your software?
Asking for a friend...
Re: (Score:2)
Then just buy a Nest and be done with it. I don't know why you are complaining about something as irrelevant as a thermostat while we're talking about a completely different product.
Good thing we can trust them with our data (Score:2, Funny)
id hate to think some company would install a secret microphone in peoples home and then also secretly work with the chinese government or something like that
Re: (Score:2, Insightful)
There's always some idiot who thinks "B...b...b...but I don't have anything to hide!"
Re: (Score:2)
Re: (Score:2)
I'm not arguing with the rest of your post, but I wouldn't be certain about them not taking over the world. Considering it likely is probably wrong, but it's not implausible.
LOL (Score:4, Funny)
Permit me to say: LOL
I am shocked, shocked I say. ;)
Re: (Score:3)
I find this exceptionally funny. People are _dumb_ to trust these companies.
Re: (Score:2)
What choice do you have though? Unless you want to drive a pretty old car you will find that all modern ones have a microphone for Bluetooth support. And in this case the buyers would have had to disassemble the device to even find out that it had a mic.
It's like how it's hard to buy a dumb TV these days. If you want something with a tuner you either buy a used one or it's going to have smart features and quite possible a microphone.
Re: (Score:2)
What choice do you have though?
Dozens of brands of $10-$50 programmable thermostats in this case.
I am baffled at people's apparent need for something more than that. Every use-case I hear is either someone too lazy or too stupid to maintain a useful temperature in their house, or who is unable tolerate anything other than getting the exact temperature exactly when they want it.
Seal your gaps, make sure your insulation is up to code, program a reasonable daily temperature profile, and then you're done. If you've bought a house built in th
Re: (Score:2)
I meant in general you can't avoid these technologies completely. Sure you don't have to have a smart thermostat... Yet. Eventually they may end up like TVs and cars, you can't buy one without a microphone in it. Okay, less likely for a thermostat, but you see my point.
I don't know what the solution is. Laws harshly punishing misuse are a good idea. I remember reading a sci-fi book where it was possible to spy on anyone at any time (using micro wormholes) so some people started living in complete darkness a
Re: (Score:2)
Could they at least return the Nest thermostat now? In the UK you could return it under consumer laws for being "not as described" and "not fit for purpose", get a refund and probably ask the retailer to cover some reasonable costs if you felt like pushing it.
Re: (Score:2)
They are not talking about the Nest thermostat. They are talking about the Nest Security system. Two different items made by the same company.
So return your Nest thermostat if you want, but you won't be able to do it because it has a microphone, because, as far as is known, it doesn't.
Some people buy hardware for what is not contained (Score:5, Insightful)
I will not buy a TV with a video camera.
I'd be furious if I found out my TV had one, that only needed a software update to activate.
Re:Some people buy hardware for what is not contai (Score:4, Insightful)
Just expect that camera to be cleverly hidden in the future.
better is no internet connection (Score:3)
If you buy a TV that has WiFi, block the MAC; if it has wired, just don't connect it.
I have an old WD box for Netflix, which has neither camera nor microphone.
Re:better is no internet connection (Score:5, Insightful)
You can't block the MAC on all your neighbours' wifi systems, and you can't stop the TV breaking the weakest password protection it finds.
I remind about the Sony CD rootkit debacle.
Re: (Score:2)
I always wondered if there had been any wifi-equipped devices that also had WPA breaking automation in them to gain access to networks when they otherwise couldn't.
But at this point what you have to stop now are cheap cellular modems.
Re: (Score:2)
All the smart tvs in the future are gonna have 5G connections that are "free" so that they can still phone home and do whatever they want unless you live in a faraday cage or far away enough from a 5G cell phone tower.
Re: (Score:3)
>> unless you live in a faraday cage
Heh heh, I like that.
>> or far away enough from a 5G cell phone tower
From what I hear isn't that, like, a metre?
Re: (Score:2)
You are going to have to open it up and unplug the wifi antenna, and attach an attenuator in its place.
Or just install tinfoil wallpaper in your living room, but I've heard that may amplify the mind control rays. [archive.org]
Re: (Score:3)
You can't buy a good 4k display that does not have a microphone. I said I wouldn't buy a display with a mic or camera, but I did. I just never plug an ethernet cable into it, and my wifi is white-listed to omit the display.
Re: (Score:2)
---
Re: (Score:2)
>> Looking over the specs
Re-read the summary !
Re: (Score:2)
Same here: when I needed to buy a new TV one of my few criteria was "NOT a smart TV".
And I predict this rule will stand when I need to buy another one.
My choices were constrained, but so be it.
Re: Some people buy hardware for what is not cont (Score:2)
Re: (Score:2)
Yes, stupid wins by the numbers. In all other regards, people like you lose.
Re: (Score:3)
dubious use of "win" here.
Re: (Score:2)
Unfortunately, some of the cameras recently reported for "smart phones" are reported to work through the screen. (I'm not sure this is the "notch", though I suppose it could be marketing speech for that.)
If this is doing what the article said, then it might be a bit difficult to cover the camera.
That does it! (Score:3, Funny)
I'm putting my old mercury bulb thermostat back in.
Re: (Score:2)
The mercury threat of home thermostats was not to the user, or not significantly. It was when you disposed of it.
The real question (Score:5, Insightful)
Is how many other devices have clandestine microphones unbeknownst to the owners?
How can you trust anything from any of these tech companies. They all spy on you.
Re: (Score:2, Insightful)
Is how many other devices have clandestine microphones unbeknownst to the owners?
FTFS:
That's right: if you currently own a Nest Secure, you will be able to use it as a Google Home very soon.
No, it uses you!
Now, already.
Re: (Score:2)
Is how many other devices have clandestine microphones unbeknownst to the owners?
Yes
How can you trust anything from any of these tech companies. They all spy on you.
No and yes.
Unless you disassemble and inspect an IoT personal spying device, You must assume it has both a microphone and camera. Because it probably does. This Nest example pretty must rests my case. If it is possible to listen, they will listen
Re: (Score:3)
Genuine question: anyone have any idea how "average consumer" or even "moderately tech-able /. poster" could identify this shit?
Or, failing that, does anyone know if there's a way to, I dunno, strip out UPSTREAM data from a specific device in your router settings? I assume that would make most devices that use ethernet connections non-functional because they wouldn't be able to ack anything legitimate.
Re: (Score:2)
I don't know if all routers can do this. Ubiquiti routers can for sure, assign a static IP to that device and block all traffic from that IP from going to the internet.
However, that will probably make it mostly useless as almost all of the "smart" things require internet to work.
Re: (Score:2)
I'll bet that's how it operates.
Tiny program event - hey time to turn up the heat.
Nest: web request to https://www.google.com/search?... [google.com]
Special hidden result which pipes web assembly back to the thermostat.
Tiny program event - heat good enough
Re: (Score:3)
Without disassembling the device there's really no way to tell. The best you can do is check if the case has a hole that looks suspiciously like a microphone hole, but that's going to be pretty error prone. It's still easy to put a mic somewhere that doesn't have an obvious hole, or have what looks like a mic hole that doesn't actually have a mic mounted.
It's trivial to configure a router to not pass upstream traffic from a particular device, but that's pretty much the same as not having it on the netwo
Re: (Score:2)
Without disassembling the device there's really no way to tell. The best you can do is check if the case has a hole that looks suspiciously like a microphone hole, but that's going to be pretty error prone. It's still easy to put a mic somewhere that doesn't have an obvious hole, or have what looks like a mic hole that doesn't actually have a mic mounted.
Ohh, ohh, ohh..... I haz idea. Once you find a microphone, simply remove it from the device, then attach some wires to when the mic was, send audio to it, and start letting them listen to say, porn movie audio, or Meg Ryan's orgasm voice from "When Harry met Sally, or maybe Doctor Strangelove soundbytes. Possibly even RickRoll them.
Or better yet, send them commercials.
Re: (Score:2)
No. Many speaker designs aren't reversible. Only if ambient sound modifies the power supply, like it did in the old carbon mics.
But, or course, many things that don't appear to be microphones can operate as one. I'd be suspicious of any large touch screen, e.g. That could easily activate at a very low level from ambient noises in a way that would need to be carefully filtered out for normal use (as a touch screen). But if it's very massive, it would probably only pick up loud sounds, or only some parti
Yeah, sure... (Score:3)
Disabled or "disabled"?
Re: (Score:2)
Cool story, edgelord.
not right (Score:3)
so I wonder how many other google products have hidden microphones??? what about their mesh router?
Re:not right (Score:4, Insightful)
so I wonder how many other google products have hidden microphones??? what about their mesh router?
Well, their business is exactly collecting as much data on you as they can, then selling it and making money. Care to hazard a guess? They're getting surveillance data on you that would make Microsoft blush.
Re: (Score:2, Insightful)
So far, so good...
Oh, and you were doing so well.
Google doesn't "sell" their data about you. That data, that's their golden goose. If they sell it, they've got nothing. No, what they sell is you. Or rather, your eyeballs and attention.
People go to Google and say "Show my ad to enough people to earn me 100,000 additional sales". Google uses its data about you to determine whether you're likely to respon
Re: (Score:2)
Re: (Score:2)
I've checked their website. It appears the Nest Secure is for now only available in the United States.
Too bad. We can be sure the FTC, FCC, Justice Department, et. all will do nothing about it. If the European Union was involved I think we all know that Google would "'ave some ex'plaining to do."
My programmable thermostat (Score:2)
has 5 or so presets, cost nothing (thanks natural gas company) and doesn't have any microphones, or wifi.
If I had a Nest, I'd probably break out the dyke cutter and remove the microphone.
Re: (Score:2)
If I had a Nest, I'd probably break out the dyke cutter and remove the microphone.
And I would laugh my ass off after you thoroughly destroy your nest thermostat because you failed to read the summary which is about the nest secure, which is a completely different product.
Summary is biased. (Score:2, Insightful)
The tech specs not listing a microphone is very different than the tech specs saying "there is no onboard microphone," as claimed.
Re:Summary is biased. (Score:5, Informative)
Tech specs, by their very nature, must list every major feature present. That list _must_ be complete. Anything major not listed must be absent. And the ability to record audio (even is "disabled" in software) is obviously a major feature in a device you put in your home. Also obviously, they do not list everything that is missing as that would be infeasible. For example, this device likely does not contain an ice-cream machine or a toilet roll holder either. Would you also expect that to be listed as absent?
Do you see how wrong your statement is?
Re: (Score:3, Insightful)
For instance every (?) Broadcom based cellphone SoC supports FM radio functionality, but only those manufacturers who enable it list "FM radio" as a feature.
If they'd listed a microphone, people have started complaining that they couldn't use it.
Re:Summary is biased. (Score:4, Insightful)
The microphone is a feature as soon as it can be activated by software. How that activation happens is immaterial. It changes the status of the device to "listening device". Your SoC example is deeply flawed.
Re: (Score:2)
Re: (Score:2)
"Oh, bullshit. The microphone isn't a feature until it starts being used."
So you'll have no problem with me selling you a device, not saying it has a microphone, and then listening to you at will with a surreptitious update. Thanks, you fucking corporate lapdog. You're one of the reasons we have all of this spying shit now.
Re: (Score:2)
Re: (Score:2)
Me to Nest:
Ok Google, remind me when this thing can dispense toilet paper
Re: (Score:2)
"Please quote the law which requires this"
Truth in Advertising, FTC Regulations, fucktard. Specifically this would fall under false and misleading advertising by omitting the fact that there is a hidden microphone. Informed consumers would likely not purchase this if they knew. I certainly would not, and thus that meets one of the elements necessary for the law.
Try again when you have actual court experience.
Re: (Score:2)
Well, yes. Also because people these days are often unable to realize how little they actually know and understand. Probably an effect form opening up education to everybody and then dumbing it down so much that anybody can actually get a degree at the end.
FYI they are also renaming the device (Score:4, Funny)
Google announced that, going forward, the thermostat will be called the:
Nest “Secure” ;-)
Re: (Score:2)
More like Nest Secure - Securing your data for us.
"disabled" = "can be turned on any time" (Score:2)
At least unless there is a physical switch. No? Then this counts as deceptive and malicious. These evil f****** are getting more bold.
Slashdotters Need To Learn (Score:5, Insightful)
Slashdotters need to learn and realize that the average consumer - read the vast vast majority of people - don't give a flying-rat-fuck about security or privacy. They care about shiny new toys and personal convenience and they do not care what the price.
These major services/vendors have figured it out. They understand that they can do whatever the fuck they want, so long as it's convenient or shiny new for the end user. The end user/consumers gleefully hand over their money, their security, and their privacy to any and all of these companies for shiny new or convenient.
You people worrying about microphones listening in, cameras recording activities, big data tracking your every fucking activity on a global scale, you're very much in the minority. The MASSIVE majority don't just fail to understand your odd and suspicious concerns, they are angered by your belligerent resistance to devices and services such as completely unnecessary $200 thermostats that track the consumer's habits, or Smart TVs that track viewership, feed targeted ads, and listen in on household conversations.
To the rest of the world, you're a nutter deserving of scorn, ridicule, and ostracization.
Techies care out of self preservation (Score:2)
The mob may be distracted by shiny toys today but at some point when the snooping gets too much the mob will get ugly and when they start the pogrom they will go after all techies not just the ones at NEST. Hence we crib about privacy and try to prevent overreach.
Re: (Score:2)
Slashdotters need to learn and realize that the average consumer - read the vast vast majority of people - don't give a flying-rat-fuck about security or privacy.
What people like you need to learn to realize is that the only difference between a slashdotter and average consumer is knowledge of how the sausage is made.
Re: (Score:2)
Ah, the nineties were a glorious time. Sadly this hasn't been true for at least a decade.
Re: (Score:2)
Oh so sad but oh so true.
Re: (Score:2)
This used to be true but people are learning to be more careful now. Facebook/Cambridge Analytica seems to have been the watershed. When Facebook started running real-world ads trying to restore trust people realized just how bad it was.
Re: (Score:2)
They care. They're just really good at ignoring potential problems and only reacting when something happens.
"Inactive" microphone...says who? (Score:2)
Nest Secure is NOT Nest Thermostat (Score:2)
There seems to be a lot of confusion by folks commenting.
Nest Secure is a home security hub.
Nest Thermostat is a thermostat.
The Nest Secure "base station" is a keypad device with various sensors that acts as both a security component as well as a security "base station". Features of the Nest Secure include the ability to listen for "breaking glass", which can be an indicator of a break-in when the alarm is set. Other Nest security components (such as door/window & motion detectors) communicate back to
Re: (Score:2)
Since the Secure uses the microphone as a breaking glass detector I'd say it was active, but didn't have the software to phone home like a Google Home puck or phone app.
So yep. It's been turned on, but the user couldn't access it for speach recognition.
Re: (Score:2)
The best reason to believe the Thermostat doesn't have a microphone is that it was developed before Google bought Nest. So since we might assume Nest wasn't originally in the data spy business, it make sense to conclude there is no microphone.
Except didn't a new version of the Nest Thermostat come out after Google bought them? Oops!
Just one microphone? (Score:2)
I was under the impression that these far-field voice assistants required an array of microphones to do things like beam forming, noise reduction, acoustic echo cancellation, etc. The Amazon Echo has 7 microphones in a ring.
So there's either more than one hidden microphone or Google is rolling out a feature that's not really going to work well for voice assistance. I have to wonder what the real purpose of this update is.
transducers are coming and going (Score:3)
just a reminder: ALL sound transducers, speakers and mics, do double duty. 50 years ago when sennheiser debuted their legendary 414s, they introduced headphone drivers to the world that were essentially microphones repurposed as tiny on-the-ear lightweight speakers and personal sound reproduction would never be the same. before long there wasn't a radio station or recording studio without the lightweight little hi fidelity wonders. and the reverse is also true. the "regular" consumer speaker products installed in your laptops, tablets, internet radios and smart tvs make dandy microphones and are often used as such by hobbyists and modifiers. if somebody is clever enough and is motivated enough, they can listen in on you through your supposedly micless gear via your speakers, with transmissibility approaching microphones, because that's what they essentially are.
- js.
In older times was more difficult to spt (Score:2)
From now on all devices will have a Microphone (Score:3)
Microphones and the respective chips are so inexpensive, small, and low power now: that there's no reason not to include them
on every device for possible future capability (or covert data gathering capability).
If unused by the product... it will just be unlisted on the spec sheet, and not software enabled.
Expect pretty soon: even simple appliances like the Smoke Detectors in every room, Electric Blankets, Vibrators, Light Switches, Wall Outlets, Toilets, Showers, Bathtubs, Faucets, Refrigerators, Microwaves, Coffee Pots, Dishwashers, Washing machines, Ovens, Stoves, etc... to all include a tiny logic board, wireless internet capability, and a little microphone and speaker: maybe eventually a tiny little camera to go with the microphone.
Eavesdropping, Bugging - Who's researching the law (Score:2)
Assume that someone deceives you and convinces you to unwittingly install a microphone in your home that they can turn on at any time. They haven't actually turned it on, no conversation was heard/recorded. Is it still officially bugging/eavesdropping?
Who's doing the legal deep dive on this?
Re: (Score:3)
Pretty much nobody is going to do anything about this. There is no will among regulators to do anything about this. Don't blame the Republicans. If the Democrats were in control it would be no different. Or perhaps blame them both. It won't get you anything, but you can feel justified they're all slimeballs.
If a lawyer can make a class action lawsuit out of this, perhaps something will happen. This system came out about a year and a half ago. I didn't really see it in stores until last year. How many units
Re: Creepy (Score:4, Funny)
Imagine a girlfriend? This is slashdot
Re:What is the point (Score:4, Interesting)
Got a dog? Voice prints of new people who are friends. The words and terms they use.
The smart device is sold as a new product and service ready to respond and that is always on in the background.
A computer feels like traditional product that is used when really needed.
24/7 ads vs a few hours of web browsing.
Re: (Score:2)
Really?
Smartphone microphones are deceptively tiny nowadays. Sometimes the only reason you know they are there is because of a small hole.
They can be surface mount, literally a mm or so, and not at all obvious as being a microphone (but if they aren't being deliberately hidden, they likely have acoustic-friendly surroundings, like plastics funnels and shields around them).
That was the mic on an iPhone 4, for instance:
https://www.ifixit.com/Teardow... [ifixit.com]
You have now reached the point (actually a while ago) whe
Re: (Score:2)
And since this is only about one Nest product, you should trust the others.
Granted, the thermostat thing was sparked off by the Honeywell thread earlier, but why should you trust the Nest one?