Google outlines new security practices for Nest devices
Google is outlining new security standards for its Nest smart home devices and updating its privacy commitments as part of an effort to make its positions on both privacy and security more straightforward for Nest users.
Google said its new Nest security practices include adopting standards Google has long held as well as implementing new updates that are specific to Nest’s connected home devices and services.
Specifically, Google will begin certifying Nest devices sold in 2019 or later using an independent security standard, including those developed by the Internet of Secure Things Alliance (ioXt). The company will also publish the validation results that explain how its products hold up to those standards, and will assess new products against the standards prior to launch.
Meanwhile, Google said Nest will now participate in the Google vulnerability rewards program, which pays outside security researchers for finding vulnerabilities and reporting them to the Nest Security team. Google has also committed to patching critical issues known to Google Nest, promising automatic bug and security fix support for a minimum of 5 years.
Nest devices will also be added to the Google device activity page to give users visibility into which devices are connected to their account.
It’s worth noting that Nest users have already had access to these security protections, providing they coupled their devices with an active Google account.
In terms of privacy, Google said it has updated a section in its privacy commitments to better reflect its focus on openness. Nest product manager Ryan Campbell said in a blog post:
Two years ago Nest shared our commitments to privacy to give you a better understanding of how our products work in your home. Today, we’re publishing new security commitments and putting it all in one place: Nest’s new Safety Center. The Safety Center is meant to give you a clear picture of the work we do each day to build trustworthy products and create a safer and more helpful home.
Finally, we want to acknowledge the way this technology is evolving — for example, our recent announcements on Matter and our work on Project Connected Home over IP ). That’s why we’ve updated a small section in our privacy commitments to better reflect our focus on openness.
Google’s latest security updates to the Nest product family builds on changes made by Google to try and bolster the security posture of its products. In February 2020, Google rolled out two-factor authentication (2FA) to Nest devices, and prior to that, reCAPTCHA Enterprise was integrated with Nest accounts to mitigate the risk of credential stuffing attacks.