Comment by Aurornis

3 days ago

> I am not hopeful they will be able to write custom firmware for the thermostats.

If you read the GitHub Readme (typically a better way to judge a project than stalking someone on LinkedIn) you can see that they didn’t write a custom firmware. They modified the Nest firmware to contact different back end servers.

The firmware is the same (they claim) except for modifications to change which server is contacted. They then built a back end to mimic the original Google servers.

Sounds fishy. If the device allows this sort of fakery, that means the traffic is vulnerable to some sort of MITM attack by DNS poisoning/packet rerouting, which is somewhat disconcerting.

  • > that means the traffic is vulnerable to some sort of MITM attack by DNS poisoning/packet rerouting

    Because it uses https? OP gets around this by manually injecting his certificate, but if you have physical access to a device it's generally considered to be game over in most threat models.

  • > if the device allows this sort of fakery, that means the traffic is vulnerable to some sort of MITM attack

    No. This is a thermostat at your home. It forwards its DNS requests to your router. Feel free to establish whatever security protocols you need there. Or, even better, host your own server.

Personally, I think this might be an even better approach. The Nest Gen1/2 UI was pretty slick. It would be a shame to have to use a custom firmware.