Detailed explanation of reverse posture of Google Nest smart devices

Detailed explanation of reverse posture of Google Nest smart devices

Today, the concept of Iot is very popular, but the real innovation is not as much as you think. The so-called "smart" cameras, door locks, and lights are nothing new.However, some vendors in the IOT field are still amazing. For example, Nest Lab has become one of the most famous brands in the IOT field after its acquisition by Google.

?? Protonet regards having and being able to access personal data as one of its core values. Although we are very respectful of Google's technology, we are very skeptical that its smart home products can only be accessed through the cloud.

??

 

Google Nest camera

Only access through cloud

One of the major features of Nest's products is that they are all Web-only products. The only way to obtain Nest camera or thermostat data is through the Nests cloud. The Nest camera and Nest thermostat may run any service on any port, which we cannot know. This will bring about two problems:

Without a network, you cannot operate the camera or change the thermostat settings. All the data on the device will be continuously sent to Google, unless the device is disconnected from the network.

All configured controls can be accessed through Web browser applications or mobile apps. I chose to use the mobile app to learn how to obtain private data. Obviously, we need to build a VPN, create a fake SSL Certificate, and use the packet capture tool to monitor all HTTPS traffic.

 

 

Nest thermostat

Reverse Flow

1. Nest camera

The login process looks very direct. The application will send a JSON object to the server, including the email and plaintext password, and then receive a session cookie.

POST /session HTTP/1.1Content-Type: application/json;charset=UTF-8User-Agent: Nest/[redacted] (Android; Obsidian) [redacted]Host: home.nest.com/.../{"password":"foo", "email":"bar"}

The application then uses cookies to create a session with the dropcam server. The API provides several endpoints, such as capturing the list of cameras and their massive data, as follows:

{ "talkback_stream_host": "stream-delta.dropcam.com:443", "is_streaming_enabled": true, "last_connected_time": redacted, "direct_nexustalk_host": "redacted", "timezone": "redacted", "id": redacted, "live_stream_host": "redacted", "description": "",...

Click the link to view the complete code

With another endpoint, we can also get the information list for a period of time, that is, the time point at which the motion sensor is triggered, and the endpoint can cut the current image into jpeg. At the end of this article, we will have detailed Go code.

2. Nest thermostat

We now pin our hopes for integration with other Iot devices on the thermostat. After sending user, building, and device information to the server, we will receive a series of information about the thermostat, but there is no current temperature.

{  "alt_heat_delivery": "forced-air",  "alt_heat_source": "gas",  "alt_heat_x2_delivery": "forced-air",  "alt_heat_x2_source": "gas",  "auto_away_enable": true,  "auto_away_reset": false,  "auto_dehum_enabled": false,  "auto_dehum_state": false,  "aux_heat_delivery": "forced-air",  "aux_heat_source": "electric",...

Click to view all code

Go code for accessing Nest thermostat

The following is a sample of the complete Code. The Code functions include logon, download, screenshot, and thermostat information:

package main import (        "bytes"        "encoding/json"        "errors"        "fmt"        flags "github.com/jessevdk/go-flags"        "io"        "io/ioutil"        "net/http"        "os"...

View complete code

The Nest device is outstanding in hardware engineering, but building a wall around the user's own data is still a suspicious action at the software level. Since it is my personal data, it should allow me to access it easily through open APIs, and I should be able to access it without any tricks. Nest promised to introduce a new API in the news announcement, and its reference document already exists. However, this API is much more restrictive than the internal API in the Nest mobile app. We still hope Nest can make its products more open.