Rooting The Nest Thermostat

A few months ago, Google bought a $3.2 billion dollar thermostat in the hopes it would pave the way for smart devices in every home. The Nest thermostat itself is actually pretty cool – it’s running Linux with a reasonably capable CPU, and adds WiFi to the mix for some potentially cool applications. It can also be rooted in under a minute.

As [cj] explains, the CPU inside the Nest has a Device Firmware Update mode that’s normally used for testing inside the Nest factory. This DFU mode can also be used to modify the device without any restrictions at all.

With a simple shell script, [cj] plugs the Nest into his laptop’s USB port, puts the device into DFU mode, and uploads a two-stage bootloader to enable complete control over the Linux-powered thermostat.

As a bonus, the shell script also installs an SSH server and enables a reverse SSH connection to get around most firewalls. This allows anyone to remotely control the Nest thermostat, a wonderful addition to the Nest that doesn’t rely on iPhone apps or a cloud service to remotely control your Internet enabled thermostat.
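
A reverse SSH connection gets past most firewalls because the device itself opens the session outbound, so the place to catch it is egress monitoring. The following is an added example, not part of the original post or [cj]'s script: a check over outbound flow records that flags SSH sessions initiated by the thermostat, including ones moved to another port. The record format, addresses, allowlist range and duration threshold are all assumptions made for the illustration.

```python
import csv
import io
import ipaddress

# Constructed sample flow records: src, dst, dport, duration_s, first payload bytes.
# Addresses are documentation ranges; nothing here was captured from a real Nest.
SAMPLE_FLOWS = """\
192.168.1.50,203.0.113.10,443,35,
192.168.1.50,198.51.100.7,22,86400,SSH-2.0-dropbear
192.168.1.50,198.51.100.8,443,7200,SSH-2.0-OpenSSH_6.0
192.168.1.23,198.51.100.9,22,600,SSH-2.0-OpenSSH_6.0
192.168.1.50,203.0.113.10,443,90000,
"""

IOT_DEVICES = {"192.168.1.50"}                           # assumed thermostat address
ALLOWED_NETS = [ipaddress.ip_network("203.0.113.0/24")]  # assumed vendor cloud range
LONG_LIVED_S = 3600                                      # assumed threshold, seconds


def audit_flows(text, devices=IOT_DEVICES, allowed=ALLOWED_NETS):
    """Return (src, dst, dport, reasons) for suspicious outbound device flows."""
    findings = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 5 or row[0] not in devices:
            continue  # skip malformed rows and hosts that are not embedded devices
        src, dst, dport, duration, banner = row
        reasons = []
        # RFC 4253: every SSH session opens with "SSH-<protoversion>-...",
        # so the banner still gives away a tunnel that was moved to port 443.
        if banner.startswith("SSH-"):
            reasons.append("ssh-banner")
        if int(dport) == 22:
            reasons.append("ssh-port")
        if not any(ipaddress.ip_address(dst) in net for net in allowed):
            reasons.append("unlisted-destination")
            # A persistent session to an unknown host is typical of a tunnel.
            if int(duration) >= LONG_LIVED_S:
                reasons.append("long-lived")
        if reasons:
            findings.append((src, dst, int(dport), reasons))
    return findings


if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(finding)
```

The same allowlist can be enforced as a default-deny egress rule for the thermostat's address, which blocks the tunnel instead of only reporting it.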

Video of the rooting process below.

Comments

  1. jlbrian7 says:
  2. kak says:

    Why’d you want your home to be connected to the Web? I like to keep my things simple and NSA-proof.

    • fartface says:

      Then you better get rid of Cable TV. That cablebox has a camera watching you. Can you please move the TacoBell cup you have had sitting on your bluray player for the past week, we can’t see into the kitchen with it there.

      Thank you for your co-operation with the NSA.

  3. SYNTRONIKS says:

    ITT we can spend lots of money to reprogram a thermostat? Good? yes. Hack? yes. Useful? Let’s see >:D

  4. Justin Case says:

    I attended a wireless Z-Wave/ZigBee seminar today, cool stuff on the horizon.
    But anything that Google wants to introduce that has to do with the household, RUN THE OTHER WAY AS FAST AS YOU CAN !!!
    I heard they’re trying to get into wireless hydro meter business.
    More data collection of individuals.
    Frankly, I see google as an unstoppable monster who will own us all because they will know our every habit & secret and will develop algorithms to accurately predict everything about each of us, and their “search & algorithm results” will have standing in law.
    You’d be horrified if your government kept as detailed a file on everyone as google does, but with a private company, “where’s the problem ??”.
    But I also see you facebookers as naive and complacent so likely you all blissfully see no problem with any of this data collection stuff.
    If I put up a satellite with live cameras and infinite archiving, I’d be indefinitely detained.
    Google is launching a butt load of exactly this, and no one sees a problem.
    I would however, do it too if I could.
    I’d also send a satellite to the moon to view the far side, but I think my country lawfully forbids me to launch or control a space vehicle.

    The thermostat is cool.

    • bryan says:

      I’m not excited to own anything that started out with google, touches google or has google interested in it.

      if I want to do this kind of thing, I’ll build my own and it won’t be a standard protocol or be cloud based.

      corps: you don’t deserve our trust. especially google!

    • slavoj says:

      I’ve been solidly pleased by every service google has had to offer to me thus far. If someone offered to provide me with GPS Maps with Voice Navigation, an index of the entire internet, 24/7 email service with functionally unlimited storage, live document sync and a full suite of office programs, thousands of hours of videos, an aggregation of the top news articles from around the planet updated every minute and an operating system that allows me to take pictures, store files, browse the internet and play games on my phone in exchange for the numbers on my thermostat I’d make that deal in a heartbeat.

      Seriously, I doubt I could ever sell or market my personal information in such a way as to be able to pay someone to give me all of those services. Google has less information about me than I’d put into my autobiography, and they sure give me more value for it than I’d ever make if I tried to sell my autobiography.

      Basically, I don’t expect Google to give me awesome stuff without me giving them something in return and I think some cursory information about my interests, or even my water bills, is a more than fair trade for the stuff they sell me.

      • Maxwell says:

        I agree, google could probably clone me with all the information they have, but I can live with that. I’d be surprised if they hadn’t worked with the NSA in the past too honestly. It’s invasive, it’s intrusive, and I can live with that.

        They may be our evil overlords, but they’re damn benevolent overlords.

        Now, the NSA on the other hand, that just pisses me off. Every camera on every street is probably streaming into the NSA, and god knows what else. The NSA collects information, but google accepts information. That’s a huge difference. One’s a grabby child grasping at your diddly bits, the other one is a guy on the sidewalk that watches who passes, and gives advice.

    • Max Siegieda says:

      Personally it’s all about the services they provide in return. Say the NSA kept a copy of all my data, if they were just doing it behind my back I’d be upset, if however they allowed me access to their backup in case one of my drives failed I’d be fine with it, maybe even pay them as they’d be providing a useful service. The same applies to the government vs corporations for spying, reading my emails? Not cool, reading my emails so you can remind me about tickets to see things, or track my packages for me, totally helpful.

    • 0xfred says:

      ZigBee? On the horizon? One thing that strikes me about ZigBee is that it’s been “on the horizon” for so long that it seems to be on its way out.

      Also, Google are the sort of company who will decide to leave this open so you can hack it if you want. Unlike those dicks at Apple.

      You’d enjoy The Circle by Dave Eggers – it’s about a company just like the evil Google you describe.

  5. Camel says:

    To me this seems like an excellent feature that makes me want to buy a Nest. I could integrate it in to my other automation systems without sending data on my habits to Google.

    I’m a bit concerned how they call this a ‘Vulnerability’. The terminology alone might cause the manufacturer to “fix” this “problem”, and that wouldn’t be so nice.

    If you buy it you should be able to easily pwn it, right guys?

    • nsayer says:

      I agree. If disassembly or physical deinstallation is required, then it’s not really a vulnerability anymore unless it’s a device intended to be installed unattended in completely uncontrolled space (e.g. a pay phone, if you’re old enough to remember one).

      Just about anything with a generic microcontroller installed will have a JTAG or similar ISP interface inside somewhere. That’s not a “vulnerability” either.

  6. Agreed with Camel; firmware access is an awesome feature! Wireless home automation is having a slow, slow start. Letting power users explore what’s possible and build cool stuff will give it a kick in the pants.

  7. Remarknl says:

    This is excellent work! I hope it will be possible to add more protocols for unsupported heating equipment.

    All you had to do was follow the damn train cj! — Sorry about this. Couldn’t resist.

  8. flink says:

    Since rooting it allows you to take out the hooks that connect it to Google and manage the device with tools of your own creation, it again begins to sound like something cool to play with.

    @Camel, once it’s rooted and you have SSH services running, you can probably remove or disable DFU if you choose.

  9. rasz_pl says:
  10. Anne Nomymous says:

    Remember citizens, freedom is slavery, ignorance is strength, and big brother knows what is best for you. Google needs more electricity, so everyone’s AC will be turned down a bit in the summer, and heating will be rationed in the winter.

    You can always get more heat/AC by telling google a bit more about yourself. Share your passwords, share your friends.

    Remember, civic deeds do not go unrewarded, and contrarywise, compliance with his cause will not go unpunished. Be safe, be aware.

  11. steel_9 says:

    Can’t you just disable the wifi to keep Google out of your thermostat? It probably isn’t as simple as toggling a button under Settings, but should be possible to do with a hardware or software modification.

  12. boot says:

    Nothing with any network connection will ever enter my household equipment. I know nothing is 100% secure so I just don’t take the risk of someone in romania opening my garage, or heating my house in the summer :-) better safe than sorry..

  13. Chris C. says:

    The Nest itself is a bad idea. Energy savings and comfort are at odds to each other. At best, a machine cannot “learn” your habits and consistently produce an acceptable compromise better than you can. At worst, the complexity required to even attempt it makes the Nest more prone to catastrophic failure; I’ve seen dozens of horror stories of the Nest wreaking havoc.

    At least for those who have already been suckered into paying $250 for a Nest and found it troublesome, this hack potentially provides a way to make it useful.

    And as for the rampant paranoia that dominates the comments here? Sheesh, y’all are nuts. My house is currently 76°F. I had Rice Crispies with sliced banana for breakfast, too. Surely the NSA cares, has recorded this, and will now flag me a terrorist.

    • charliex says:

      my nest has worked out well, our bills dropped and it’s nice to be able to remote control it. you can let it auto learn and it does a pretty good job, then you can go in and tweak the scheduler yourself.

      I’m sure there are horror stories, but then make an idiot proof device, and someone will beat it.

  14. If you’re that paranoid, sniff the traffic off the device and see where it leads. Once you have that information you could deny that device from reaching out of your LAN. Google privacy this, google privacy that. You can keep wearing tin foil hats. The rest of us will just be discreet about our communications. Remember if you’re fearful of someone using some information against you, you have something to hide. If you have something to hide, then do not use a public means to transmit that information. Ever heard of face to face? Also google could get statistics from other sources other than directly from the user. Your cable company knows what you watch and targets the advertisements you get. You’re paying those guys to have a large staff on hand tweaking the algorithms to get your adverts.

  15. AC says:

    Oh abbreviations…
    The first thing I think of when I see “DFU” is … “Don’t F#@K Up”
    GG wrong context.

  16. Gdogg says:

    This is cool, but not really too ‘impressive’… Nest just left open a feature allowing them to flash a custom uboot. I am surprised Nest would keep this functionality in production devices (usually you’d just burn a fuse that the bootrom checks before booting to this mode).

    • nsayer says:

      Why should they? They have no particular interest in preventing you from fouling your own nest. It’s not like a BluRay player where they need to protect someone else’s intellectual property from the user to whom they sell the device.
