Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Security Google Privacy

Nest Secure Has an Unlisted, Disabled Microphone (androidauthority.com) 207

An anonymous reader quotes a report from Android Authority: Owners of the Nest Secure alarm system have been able to use voice commands to control their home security through Google Assistant for a while now. However, to issue those commands, they needed a separate Google Assistant-powered device, like a smartphone or a Google Home smart speaker. The reason for this limitation has always seemed straightforward: according to the official tech specs, there's no onboard microphone in the Nest Secure system. However, Google just informed us that it is right now rolling out Assistant functionality to all Nest Secure devices via a software update. That's right: if you currently own a Nest Secure, you will be able to use it as a Google Home very soon. That means somewhere in the Nest Guard -- the keypad base station of the Nest Secure -- there might be a microphone we didn't know existed. Either that or your voice commands are going to be heard by another product (like your phone, maybe) but Assistant's output will now come from the Nest Guard, if you happen to be in the range of that device. UPDATE: Google has issued a statement to Android Authority confirming the built-in microphone in the Nest Guard base system that's not listed on the official spec sheet at Nest's site. The microphone has been in an inactive state since the release of the Nest Secure, Google says. This unlisted mic is how the Nest Guard will be able to operate as a pseudo-Google Home with just a software update.
This discussion has been archived. No new comments can be posted.

Nest Secure Has an Unlisted, Disabled Microphone

Comments Filter:
  • by Anonymous Coward on Monday February 04, 2019 @04:58PM (#58070302)

    look, i just want a warm living room when i come home from work

    can we fuck off with this creeping and creepy featuritis?

    • by Anonymous Coward on Monday February 04, 2019 @05:28PM (#58070476)

      a 'smart' thermostat needs no camera, needs no microphone. needs no 'cloud' backing it up.. just a little locally run code, a source for local weather conditions, forecasts and date/time.. the national weather service and nist (and other countries' equivalents) provide those. for free.. with no creepy factor.

      anything that CAN run locally.. SHOULD be run locally. this cloud dependency simply for the sake of 'the cloud' (and data gathering) is total bullshit.

      • by ljw1004 ( 764174 )

        a 'smart' thermostat needs no camera, needs no microphone. needs no 'cloud' backing it up..

        I've frequently controlled my Nest via smartphone from under the warmth+safety of my own duvet covers when it was too cold to get out.

        I'm not sure how this would best be done. It can't be via bluetooth (out of range). Doing it via cloud, as Nest does, seemed to work fine. Another option would be if the nest app on my phone is able to seek out local devices on the local area network, I guess like AirPlay and other streaming protocols.

        Also, on most vacations, I've realized I forgot to turn down the heating an

        • by ceoyoyo ( 59147 )

          Wifi works fine. There are smart thermostats that use it, just not ad supported ones.

          For outside access the company could offer a dynamic DNS service instead of a bunch of cloud stuff.

          • Plenty companies do use the DDNS feature but thatâ(TM)s LESS secure than a device dialing into a cloud app. At least you can make efforts to keep a central app secure and updated and there is nothing dangling (directly) on the Internet. With DDNS, your device gets anyone direct port/IP access.

            • by ceoyoyo ( 59147 )

              The cloud solution is more secure when you trust the provider. When their business model is spying on you, not so much.

              You could use a third party access server too. Emphasis on third party. Someone who gets audited regularly, and whose job is purely to create a secure connection between you and your home, over the internet.

      • Yes, and the masses will still purchase and gobble this stuff up so it will become even more pervasive. They just don't care or see the problem with it.

        I'm having a hell of a time finding IP cameras that do NOT use the cloud. You can't even tell if you read the specs sometimes.

        If I were smart I'd startup a similar company that "features" no cloud connections for the informed market.

      • Honeywell doesn't think so [theregister.co.uk].
      • by havana9 ( 101033 )
        If you need a smart thermostat or whatewer there are a lot of smart solutions without microphone or cloud systems. Like BTicino MyHome [bticino.it] or Vimar [vimar.com] or CSISPA [csispa.it] they can work disconnected and without using TCP/IP. These cloud systems look easier to setup of course and you have to buy them in a professional warehouse and follow the elecrical code guidelines to install them. It's the laziness factor that wins.
      • a 'smart' thermostat needs no camera

        Depends on how "smart" you expect the "smart" thermostat to be. You use the word "smart" and then describe something incredibly dumb that has existed for years.

        Conversely with a camera you can apply image detection to determine if someone is home / away while ignoring disturbances like pets, you know, like someone "smart" would.

    • by Joe_Dragon ( 2206452 ) on Monday February 04, 2019 @05:39PM (#58070534)

      that's how they got nixon!

    • by Lab Rat Jason ( 2495638 ) on Monday February 04, 2019 @06:44PM (#58070870)

      What are the odds that a government, or other state sponsored entity already knew about this... and already updated your software?

      Asking for a friend...

    • Then just buy a Nest and be done with it. I don't know why you are complaining about something as irrelevant as a thermostat while we're talking about a completely different product.

  • by Anonymous Coward

    id hate to think some company would install a secret microphone in peoples home and then also secretly work with the chinese government or something like that

  • LOL (Score:4, Funny)

    by strikethree ( 811449 ) on Monday February 04, 2019 @05:02PM (#58070322) Journal

    Permit me to say: LOL

    I am shocked, shocked I say. ;)

    • by gweihir ( 88907 )

      I find this exceptionally funny. People are _dumb_ to trust these companies.

      • by AmiMoJo ( 196126 )

        What choice do you have though? Unless you want to drive a pretty old car you will find that all modern ones have a microphone for Bluetooth support. And in this case the buyers would have had to disassemble the device to even find out that it had a mic.

        It's like how it's hard to buy a dumb TV these days. If you want something with a tuner you either buy a used one or it's going to have smart features and quite possible a microphone.

        • What choice do you have though?

          Dozens of brands of $10-$50 programmable thermostats in this case.

          I am baffled at people's apparent need for something more than that. Every use-case I hear is either someone too lazy or too stupid to maintain a useful temperature in their house, or who is unable tolerate anything other than getting the exact temperature exactly when they want it.

          Seal your gaps, make sure your insulation is up to code, program a reasonable daily temperature profile, and then you're done. If you've bought a house built in th

          • by AmiMoJo ( 196126 )

            I meant in general you can't avoid these technologies completely. Sure you don't have to have a smart thermostat... Yet. Eventually they may end up like TVs and cars, you can't buy one without a microphone in it. Okay, less likely for a thermostat, but you see my point.

            I don't know what the solution is. Laws harshly punishing misuse are a good idea. I remember reading a sci-fi book where it was possible to spy on anyone at any time (using micro wormholes) so some people started living in complete darkness a

    • by AmiMoJo ( 196126 )

      Could they at least return the Nest thermostat now? In the UK you could return it under consumer laws for being "not as described" and "not fit for purpose", get a refund and probably ask the retailer to cover some reasonable costs if you felt like pushing it.

      • They are not talking about the Nest thermostat. They are talking about the Nest Security system. Two different items made by the same company.

        So return your Nest thermostat if you want, but you won't be able to do it because it has a microphone, because, as far as is known, it doesn't.

  • by bugnuts ( 94678 ) on Monday February 04, 2019 @05:09PM (#58070354) Journal

    I will not buy a TV with a video camera.

    I'd be furious if I found out my TV had one, that only needed a software update to activate.

    • by gweihir ( 88907 ) on Monday February 04, 2019 @05:51PM (#58070590)

      Just expect that camera to be cleverly hidden in the future.

    • If you buy a TV that has WiFi, block the MAC; if it has wired, just don't connect it.

      I have an old WD box for Netflix, which has neither camera nor microphone.

      • by bagofbeans ( 567926 ) on Monday February 04, 2019 @06:40PM (#58070850)

        You can't block the MAC on all your neighbours' wifi systems, and you can't stop the TV breaking the weakest password protection it finds.

        I remind about the Sony CD rootkit debacle.

        • I always wondered if there had been any wifi-equipped devices that also had WPA breaking automation in them to gain access to networks when they otherwise couldn't.

          But at this point what you have to stop now are cheap cellular modems.

          • All the smart tvs in the future are gonna have 5G connections that are "free" so that they can still phone home and do whatever they want unless you live in a faraday cage or far away enough from a 5G cell phone tower.

            • by skegg ( 666571 )

              >> unless you live in a faraday cage

              Heh heh, I like that.

              >> or far away enough from a 5G cell phone tower

              From what I hear isn't that, like, a metre?

        • by AmiMoJo ( 196126 )

          You are going to have to open it up and unplug the wifi antenna, and attach an attenuator in its place.

          Or just install tinfoil wallpaper in your living room, but I've heard that may amplify the mind control rays. [archive.org]

    • You can't buy a good 4k display that does not have a microphone. I said I wouldn't buy a display with a mic or camera, but I did. I just never plug an ethernet cable into it, and my wifi is white-listed to omit the display.

      • Looking over the specs of a Samsung 4K TV shows it has a microphone in the remote but not in the TV. Assuming that is true, a universal remote and removing the batteries in the Samsung remote should take care of that.

        ---
    • by skegg ( 666571 )

      Same here: when I needed to buy a new TV one of my few criteria was "NOT a smart TV".

      And I predict this rule will stand when I need to buy another one.

      My choices were constrained, but so be it.

  • by PPH ( 736903 ) on Monday February 04, 2019 @05:09PM (#58070356)

    I'm putting my old mercury bulb thermostat back in.

  • The real question (Score:5, Insightful)

    by Anonymous Coward on Monday February 04, 2019 @05:10PM (#58070358)

    Is how many other devices have clandestine microphones unbeknownst to the owners?

    How can you trust anything from any of these tech companies. They all spy on you.

    • Re: (Score:2, Insightful)

      Is how many other devices have clandestine microphones unbeknownst to the owners?

      FTFS:

      That's right: if you currently own a Nest Secure, you will be able to use it as a Google Home very soon.

      No, it uses you!

      Now, already.

    • Is how many other devices have clandestine microphones unbeknownst to the owners?

      Yes

      How can you trust anything from any of these tech companies. They all spy on you.

      No and yes.

      Unless you disassemble and inspect an IoT personal spying device, You must assume it has both a microphone and camera. Because it probably does. This Nest example pretty must rests my case. If it is possible to listen, they will listen

    • Genuine question: anyone have any idea how "average consumer" or even "moderately tech-able /. poster" could identify this shit?

      Or, failing that, does anyone know if there's a way to, I dunno, strip out UPSTREAM data from a specific device in your router settings? I assume that would make most devices that use ethernet connections non-functional because they wouldn't be able to ack anything legitimate.

      • Or, failing that, does anyone know if there's a way to, I dunno, strip out UPSTREAM data from a specific device in your router settings?

        I don't know if all routers can do this. Ubiquiti routers can for sure, assign a static IP to that device and block all traffic from that IP from going to the internet.

        However, that will probably make it mostly useless as almost all of the "smart" things require internet to work.

        • by MemeRot ( 80975 )

          I'll bet that's how it operates.

          Tiny program event - hey time to turn up the heat.
          Nest: web request to https://www.google.com/search?... [google.com]
          Special hidden result which pipes web assembly back to the thermostat.
          Tiny program event - heat good enough

      • Without disassembling the device there's really no way to tell. The best you can do is check if the case has a hole that looks suspiciously like a microphone hole, but that's going to be pretty error prone. It's still easy to put a mic somewhere that doesn't have an obvious hole, or have what looks like a mic hole that doesn't actually have a mic mounted.

        It's trivial to configure a router to not pass upstream traffic from a particular device, but that's pretty much the same as not having it on the netwo

        • Without disassembling the device there's really no way to tell. The best you can do is check if the case has a hole that looks suspiciously like a microphone hole, but that's going to be pretty error prone. It's still easy to put a mic somewhere that doesn't have an obvious hole, or have what looks like a mic hole that doesn't actually have a mic mounted.

          Ohh, ohh, ohh..... I haz idea. Once you find a microphone, simply remove it from the device, then attach some wires to when the mic was, send audio to it, and start letting them listen to say, porn movie audio, or Meg Ryan's orgasm voice from "When Harry met Sally, or maybe Doctor Strangelove soundbytes. Possibly even RickRoll them.

          Or better yet, send them commercials.

  • by HarrySquatter ( 1698416 ) on Monday February 04, 2019 @05:17PM (#58070390)

    Disabled or "disabled"?

  • by renegade600 ( 204461 ) on Monday February 04, 2019 @05:19PM (#58070410)

    so I wonder how many other google products have hidden microphones??? what about their mesh router?

    • Re:not right (Score:4, Insightful)

      by Ol Olsoc ( 1175323 ) on Monday February 04, 2019 @05:32PM (#58070496)

      so I wonder how many other google products have hidden microphones??? what about their mesh router?

      Well, their business is exactly collecting as much data on you as they can, then selling it and making money. Care to hazard a guess? They're getting surveillance data on you that would make Microsoft blush.

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        Well, their business is exactly collecting as much data on you as they can

        So far, so good...

        then selling it and making money.

        Oh, and you were doing so well.

        Google doesn't "sell" their data about you. That data, that's their golden goose. If they sell it, they've got nothing. No, what they sell is you. Or rather, your eyeballs and attention.

        People go to Google and say "Show my ad to enough people to earn me 100,000 additional sales". Google uses its data about you to determine whether you're likely to respon

        • by dwpro ( 520418 )
          The number of layers abstracted/aggregated are relevant but not exculpatory. Telling how many many of X are in area Y with a propensity for Z can give you zero or perfect accuracy on an individual, depending on the question and prior knowledge. We should all be vigilant of _any_ use of our data, as it can be combined in nefarious ways that we cannot imagine.
  • has 5 or so presets, cost nothing (thanks natural gas company) and doesn't have any microphones, or wifi.

    If I had a Nest, I'd probably break out the dyke cutter and remove the microphone.

    • If I had a Nest, I'd probably break out the dyke cutter and remove the microphone.

      And I would laugh my ass off after you thoroughly destroy your nest thermostat because you failed to read the summary which is about the nest secure, which is a completely different product.

  • Summary is biased. (Score:2, Insightful)

    by msauve ( 701917 )
    "according to the official tech specs, there's no onboard microphone"

    The tech specs not listing a microphone is very different than the tech specs saying "there is no onboard microphone," as claimed.
    • by gweihir ( 88907 ) on Monday February 04, 2019 @05:49PM (#58070584)

      Tech specs, by their very nature, must list every major feature present. That list _must_ be complete. Anything major not listed must be absent. And the ability to record audio (even is "disabled" in software) is obviously a major feature in a device you put in your home. Also obviously, they do not list everything that is missing as that would be infeasible. For example, this device likely does not contain an ice-cream machine or a toilet roll holder either. Would you also expect that to be listed as absent?

      Do you see how wrong your statement is?

      • Re: (Score:3, Insightful)

        by msauve ( 701917 )
        Oh, bullshit. The microphone isn't a feature until it starts being used. It's not uncommon for devices to have components which the engineers think might be useful in the future, but never are.

        For instance every (?) Broadcom based cellphone SoC supports FM radio functionality, but only those manufacturers who enable it list "FM radio" as a feature.

        If they'd listed a microphone, people have started complaining that they couldn't use it.
        • by gweihir ( 88907 ) on Monday February 04, 2019 @06:05PM (#58070658)

          The microphone is a feature as soon as it can be activated by software. How that activation happens is immaterial. It changes the status of the device to "listening device". Your SoC example is deeply flawed.

        • by Khyber ( 864651 )

          "Oh, bullshit. The microphone isn't a feature until it starts being used."

          So you'll have no problem with me selling you a device, not saying it has a microphone, and then listening to you at will with a surreptitious update. Thanks, you fucking corporate lapdog. You're one of the reasons we have all of this spying shit now.

          • by msauve ( 701917 )
            So, English isn't your native language, so you think that "listening to you" isn't "being used." Thanks, you fucking logic impaired idiot.
      • by MemeRot ( 80975 )

        Me to Nest:
        Ok Google, remind me when this thing can dispense toilet paper

  • by 93 Escort Wagon ( 326346 ) on Monday February 04, 2019 @05:23PM (#58070438)

    Google announced that, going forward, the thermostat will be called the:

    Nest “Secure” ;-)

  • At least unless there is a physical switch. No? Then this counts as deceptive and malicious. These evil f****** are getting more bold.

  • by Anonymous Coward on Monday February 04, 2019 @05:40PM (#58070544)

    Slashdotters need to learn and realize that the average consumer - read the vast vast majority of people - don't give a flying-rat-fuck about security or privacy. They care about shiny new toys and personal convenience and they do not care what the price.

    These major services/vendors have figured it out. They understand that they can do whatever the fuck they want, so long as it's convenient or shiny new for the end user. The end user/consumers gleefully hand over their money, their security, and their privacy to any and all of these companies for shiny new or convenient.

    You people worrying about microphones listening in, cameras recording activities, big data tracking your every fucking activity on a global scale, you're very much in the minority. The MASSIVE majority don't just fail to understand your odd and suspicious concerns, they are angered by your belligerent resistance to devices and services such as completely unnecessary $200 thermostats that track the consumer's habits, or Smart TVs that track viewership, feed targeted ads, and listen in on household conversations.

    To the rest of the world, you're a nutter deserving of scorn, ridicule, and ostracization.

    • The mob may be distracted by shiny toys today but at some point when the snooping gets too much the mob will get ugly and when they start the pogrom they will go after all techies not just the ones at NEST. Hence we crib about privacy and try to prevent overreach.

    • Slashdotters need to learn and realize that the average consumer - read the vast vast majority of people - don't give a flying-rat-fuck about security or privacy.

      What people like you need to learn to realize is that the only difference between a slashdotter and average consumer is knowledge of how the sausage is made.

      • by ceoyoyo ( 59147 )

        Ah, the nineties were a glorious time. Sadly this hasn't been true for at least a decade.

    • by marcle ( 1575627 )

      Oh so sad but oh so true.

    • by AmiMoJo ( 196126 )

      This used to be true but people are learning to be more careful now. Facebook/Cambridge Analytica seems to have been the watershed. When Facebook started running real-world ads trying to restore trust people realized just how bad it was.

    • by ceoyoyo ( 59147 )

      They care. They're just really good at ignoring potential problems and only reacting when something happens.

  • There seems to be a lot of confusion by folks commenting.

    Nest Secure is a home security hub.
    Nest Thermostat is a thermostat.

    The Nest Secure "base station" is a keypad device with various sensors that acts as both a security component as well as a security "base station". Features of the Nest Secure include the ability to listen for "breaking glass", which can be an indicator of a break-in when the alarm is set. Other Nest security components (such as door/window & motion detectors) communicate back to

  • I was under the impression that these far-field voice assistants required an array of microphones to do things like beam forming, noise reduction, acoustic echo cancellation, etc. The Amazon Echo has 7 microphones in a ring.

    So there's either more than one hidden microphone or Google is rolling out a feature that's not really going to work well for voice assistance. I have to wonder what the real purpose of this update is.

  • by JackSpratts ( 660957 ) on Monday February 04, 2019 @11:33PM (#58071768) Homepage

    just a reminder: ALL sound transducers, speakers and mics, do double duty. 50 years ago when sennheiser debuted their legendary 414s, they introduced headphone drivers to the world that were essentially microphones repurposed as tiny on-the-ear lightweight speakers and personal sound reproduction would never be the same. before long there wasn't a radio station or recording studio without the lightweight little hi fidelity wonders. and the reverse is also true. the "regular" consumer speaker products installed in your laptops, tablets, internet radios and smart tvs make dandy microphones and are often used as such by hobbyists and modifiers. if somebody is clever enough and is motivated enough, they can listen in on you through your supposedly micless gear via your speakers, with transmissibility approaching microphones, because that's what they essentially are.

    - js.

  • In the older time to place a microphone somewhere hou have had to be really clever, like one that invents elecronic musical instruments: Theremin's bug [hackaday.com] now ir way way easier to russians to spy, because we have tons of micophones in appliance connected to a communication network...
  • by mysidia ( 191772 ) on Tuesday February 05, 2019 @10:14AM (#58073242)

    Microphones and the respective chips are so inexpensive, small, and low power now: that there's no reason not to include them
    on every device for possible future capability (or covert data gathering capability).

    If unused by the product... it will just be unlisted on the spec sheet, and not software enabled.

    Expect pretty soon: even simple appliances like the Smoke Detectors in every room, Electric Blankets, Vibrators, Light Switches, Wall Outlets, Toilets, Showers, Bathtubs, Faucets, Refrigerators, Microwaves, Coffee Pots, Dishwashers, Washing machines, Ovens, Stoves, etc... to all include a tiny logic board, wireless internet capability, and a little microphone and speaker: maybe eventually a tiny little camera to go with the microphone.

  • Assume that someone deceives you and convinces you to unwittingly install a microphone in your home that they can turn on at any time. They haven't actually turned it on, no conversation was heard/recorded. Is it still officially bugging/eavesdropping?

    Who's doing the legal deep dive on this?

    • Pretty much nobody is going to do anything about this. There is no will among regulators to do anything about this. Don't blame the Republicans. If the Democrats were in control it would be no different. Or perhaps blame them both. It won't get you anything, but you can feel justified they're all slimeballs.

      If a lawyer can make a class action lawsuit out of this, perhaps something will happen. This system came out about a year and a half ago. I didn't really see it in stores until last year. How many units

Life is a whim of several billion cells to be you for a while.

Working...