16.6.22

This guy installed Ubuntu Linux on his Google Nest Hub


A USB bug in the bootloader made it possible to break secure boot and run arbitrary code.

The 2nd-gen Google Nest Hub is Google’s smartest smart display yet, offering sleep tracking, passable performance, and all the Assistant intelligence you could need. For all its smarts, the Nest Hub still isn’t a full computing device, though — the OS is far too limited. While Google is hard at work building a Pixel tablet as an alternative, it will still take some time until it sees the light of day. In the meantime, an avid hacker has managed to turn the existing Nest Hub hardware into a device that actually runs Linux distribution Ubuntu, teaching Google some security lessons while at it.

As spotted by Mishaal Rahman, San Diego-based security researcher Frédéric Basse published a report on this Nest Hub vulnerability. He details how it’s possible to exploit security loopholes in the Nest Hub’s boot process to sidestep security measures, allowing him to install a stripped-down version of Ubuntu on the device. To achieve this, he had to pry open the base of the Nest Hub, revealing a hidden USB port meant for debugging or repairs, which he connected to a USB device to boot from. A software bug in the open-source “U-Boot” bootloader allowed him to bypass secure boot, and the rest is history, as you can see in the GIF below.

In his conclusion, he makes clear that this issue shouldn’t even exist in the first place. It looks like Google relied on an older version of the open-source bootloader that still offered this exploit (which was actually fixed as early as 2019), and it’s also questionable whether the Nest Hub even needs a regular USB port for debugging.

The security researcher didn’t just post about this exploit willy-nilly. He initially submitted it to the 2021 Pwn2Own competition, but it didn’t qualify. Shortly after he disclosed the vulnerability to Google, which then released a security update in December 2021. He then only made the exploit public in June 2022.

While it’s concerning that this vulnerability has made it into the final release of the Nest Hub, it probably won’t ever be something that will be exploited in real life. An attacker would need physical access to the device, quite some time for tinkering with it, and some way to hide all the additional hardware from view in order to use this exploit to snoop on someone. While it’s not good that this unfixed vulnerability exists, it probably isn’t too big a deal, and mostly makes for a fun hacking project rather than anything else.

It’s also clear that this is nothing but a proof of concept, given that the Nest Hub lacks the proper input options for Ubuntu and would probably feel rather cramped due to the small screen. Nevertheless, once Google decides that the Nest Hub shouldn’t be supported anymore, this exploit could allow keen tinkerers to breathe new life into the device — much like you would with a custom ROM on Android.

Manuel Vonau