The 2nd-gen Google Nest Hub is a smart display with a 7 inch, 1024 x 600 pixel touchscreen display, a built-in speaker, and a lightweight operating system designed to put Google Assistant front and center.
But security expert Frédéric Basse found a security vulnerability that could be exploited to install other operating systems on the Nest Hub, and as a demonstration he installed Ubuntu Linux.
Basse has written up a detailed explanation of how the vulnerability was discovered and how the exploit was used to execute arbitrary code on the Nest Hub, and the software you’d need to repeat the process on your own Nest Hub has been shared to a GitHub repository.
Update: Google notes that it’s rolling out an update that patches the vulnerability which is good news for folks that want tighter security on their Nest Hub smart displays, but less good for folks looking to install Ubuntu.Â
But there are a few things to keep in mind before trying to install Ubuntu or another operating system on a Nest Hub. The first is that this isn’t just a simple software hack – you’ll need a Raspberry Pi Pico or similar device that can be configured to work as a USB flash drive with settings that will crash the Nest Hub and then load a custom payload that allows you to boot from an alternate device. Then you can insert a different flash drive that’s been prepared with a build of Ubuntu (or another OS) that’s compatible with the Nest Hub’s hardware.
The second issue? There’s a reasonable chance that if anything goes wrong, you could end up damaging your smart display. And since this is clearly not a use case covered by Google’s warranty, good luck getting your device repaired if you break it.
That said, it’s a pretty neat trick for now… and it could be a way to breathe new life into Google’s smart displays if Google eventually stops supporting them (something the company has a history of doing to old projects).
via @MishaalRahman