Okay, so this is an interesting and useful juncture, as I have a Thing of the Internet. Having done an evaluation of the $40 delta between "decent smoke/CO detector" and "Nest Protect" I went with the talky glowy motion-sensory choice. I do not regret this purchase as having something say "Heads up! There's smoke in the hallway! Get over here and shut me up in ten seconds or I'll scream at you!" beats the shit out of instantaneous loud beeping. BUT I am conscious that it is an internet appliance, constantly hooked up to the Web, with more telemetry than I'm using (or allowed to use). I also know that the configuration utility presented to me cares precious little about security. So... how can I check what Mr. Nest is saying about my house? How can I check to see what it's putting on my network? As there's no camera on it and (so far as I know) no microphone, I do not believe it presents much of a security risk, but I also suspect it's sharing more than it's telling me.
You can sniff what it's sending with Wireshark, but I'd be surprised if someone hadn't already investigated it for you. Quick googling only found this; they don't know what it's sending back to the mothership, but think you can prevent it from sending whatever it is without preventing it from doing its smoke alarm thing.
Right. So this is advantageous because (A) I'm about to have a Windows machine up and functional for the first time in decades (B) The whole damn internet will be coming through this thing. Is there a clever way to get it to report to me what it's seeing from assorted internal IPs? 'cuz I discovered today that my friendly neighborhood smoke detector will gladly tell me over the internet how many times my toddler got up to pee last Wednesday night.
You can filter what it displays, including by source and destination. You can (and should!) also filter what it captures in the first place.
Some of the DD-WRT firmwares, Tomato etc have the ability to sniff everything crossing your network. I've played with them when I had roommates to keep them from downloading virus and illegal music programs. You can also play with DD-WRT and use it like a full commercial firewall and block adds at the network entry point. Mince will even block all Java applets if I am feeling extra paranoid. Link Only thing to be wary of is that you have to match the firmware of your router EXACTLY with the exact software loads.
Not even Navigation Systems are safe! This has been a thing for a while though, but just popped up on their site. The guys hacking cars via BluTooth were able to change the routing of the nav systems in a couple of the cars.
https://nest.com/support/article/Learn-more-about-Nest-Protect-s-microphone Your nest probably has a microphone.
No matter how smart or curious you are, someone out there has you beat by miles. using the nest to find out when you are home and on vacation and then you got the usual of using the Nest to break into your WiFi. How can you tell? Roll your own firewall and log every packet that goes in and out of the house. Using deep packet inspection, you can see exactly what every device is doing. Theoretically, Pull up to a house in a van marked with the local cable company logos, splice a sniffer into the wire (hell just ask to enter and 'check the equipment') and now you can monitor internet activity. If we were running a game on a high value individual, within 30 days we have that person's schedule, where they web surf (even if the data is encrypted the metadata has significant worth cue the NSA) when they are home, when they sleep, what sorts of devices they own (ie are they worth conning/robbing?) and can probably get their circle of friends and figure out their net worth based on what websites they go to. Is everything above possible? Right now, hell yes it is. Thanks to Snowden we know the NSA, FBI and UK governments do this to people they want to monitor. Our main advantage is that we are nobodies and below the radar. I'm not going to do anything more disruptive to the government other than write some campaign contribution checks and bitch about my tax bill this year. I'm much more worried about some Central European Bitcoin gangs who can sit in a room and figure this stuff out because stealing $4000 feeds and shelters them for three months. The risk/reward dynamic gets set all out of whack when you know the local PD don't care about "internet" crime overseas. For the record, I do not have any internet connected "smart" devices in the house other than the computers, cell phones, tablet et al I use to work and read. And with those devices alone the above scenario would be to my detriment, no smart devices needed. My lack of ownership of these devices is not due to paranoia but to my being a cheap bastard who can live with a $20 thermostat I got off Amazon when I got the house, and the fire alarms are all standard 10 year dumb devices because they are cheap, subsidized by the local fire department, and they work. If i had kids, I can see that changing. Is this something that 'normal' people should worry about? Worry, probably not. Freak out over? Definitely not. Have in the back of their heads? Absolutely. But I'm starting to see that there is good money to be made in helping the normals secure their stuff against the bad guys.I am conscious that it is an internet appliance, constantly hooked up to the Web, with more telemetry than I'm using (or allowed to use). I also know that the configuration utility presented to me cares precious little about security.