[Frederic] and one of his team tell the story of a Google Nest Hub (2nd generation) hack: getting it to run Ubuntu by bypassing Google's boot image signature check. Like any good hack, it starts with a picture from the FCC website. After reverse-engineering the pin-out of the charger and USB keyboard connector, they found a UART and hooked up to it with a custom adapter. With a debug console and some insight into the boot process, they kept at it, poking at pieces with hardware and software until it was done.
The write-up gives plenty of background and insight into both the code under scrutiny and how they picked where to attack. Through fuzzing, they found a buffer overflow in the bootloader code that could be triggered by a non-standard block size. Block sizes are hard-coded in USB flash drives, so they wrote custom firmware for a Pico to present one, and with that achieved code execution. From there they bypass the signature checks on the boot image, sort out the Ubuntu side, and boot Ubuntu.
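To make the bug class concrete, here is an added example that is not the Nest Hub bootloader's code: a hypothetical bootloader-style USB block read routine that trusts the block size reported by the device, beside a version that validates the size before copying. Function names, the buffer size and the sample device data are all assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical model of a bootloader's USB mass-storage read path.
 * The device reports its block size (e.g. in its READ CAPACITY reply)
 * and the bootloader uses that number to size each copy. */
#define SECTOR_BUF_LEN 4096u          /* fixed buffer for one logical block */

typedef struct {
    uint32_t block_size;              /* untrusted: reported by the USB device */
    const uint8_t *payload;           /* constructed sample block data */
} usb_block_dev_t;

/* BEFORE: copies block_size bytes into a fixed buffer with no check.
 * A device reporting a block size larger than the buffer makes memcpy
 * write past the end of buf, which is the class of bug described above. */
int read_block_unchecked(const usb_block_dev_t *dev, uint8_t *buf) {
    memcpy(buf, dev->payload, dev->block_size);   /* no bounds check */
    return 0;
}

/* AFTER: accept only block sizes the bootloader actually supports
 * (power of two, 512 bytes up to the buffer size) before any copy. */
bool block_size_is_valid(uint32_t block_size) {
    if (block_size < 512u || block_size > SECTOR_BUF_LEN) return false;
    return (block_size & (block_size - 1u)) == 0;    /* power of two */
}

int read_block_checked(const usb_block_dev_t *dev, uint8_t *buf, size_t buf_len) {
    if (buf_len < SECTOR_BUF_LEN || !block_size_is_valid(dev->block_size))
        return -1;   /* refuse the device instead of trusting its descriptor */
    memcpy(buf, dev->payload, dev->block_size);
    return 0;
}

/* Simulates a device advertising the given block size; returns the
 * result of the checked read (0 = accepted, -1 = rejected). */
int check_device(uint32_t block_size) {
    static const uint8_t sample[SECTOR_BUF_LEN] = {0x55, 0xAA};  /* constructed */
    uint8_t buf[SECTOR_BUF_LEN];
    usb_block_dev_t dev = { .block_size = block_size, .payload = sample };
    return read_block_checked(&dev, buf, sizeof buf);
}

int main(void) {
    printf("512-byte block:  %d\n", check_device(512u));    /* accepted */
    printf("8192-byte block: %d\n", check_device(8192u));   /* rejected */
    return 0;
}
```
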
This is a great write-up of a hacking journey and an exciting read to boot (pun intended). The bug seems to have been patched for half a year now, so you probably won't be able to put Ubuntu on your Google Nest Hub anymore. However, you may be able to run an up-to-date Linux on your Amazon Echo.
Our thanks to [Sven]!