-- Connecting to axionfield.space:1965...

Burn your Nest


I bought a Nest thermostat, a long time ago, before it was acquired by Google. It was a pretty good piece of hardware. Then, as usual, the geniuses from Google fucked it up. If it had been only that, it would just have been expected. They started requiring a Google Home account to access the API, and severed tons of nice integrations that allowed controlling it from anything.


Classic Google.


After a little while, when they finally cut the cord on the Work-With-Nest API, I decided it was time to remove the Nest from the Internet. Google does not need to know when I'm home, or how much I heat it. That's none of their business.


So I went with a classic MAC to IP assignment in my router, then added some firewall rules to prevent it from accessing the net. I had in mind that I would hack something to control it from the LAN later on.


But then I noticed I could not ping it anymore. I went to look at the Nest to check its network settings. It stated it was not connected to the Wifi. Strange, since my router actually reported an unknown client, with a MAC address I had never seen before. Then, looking at what that IP was doing, I was surprised that it was actually connecting using HTTPS to a plain IP, directly, without DNS. This IP was obviously in a subnet that is part of Google's autonomous system.
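
The two observations above (a client with an unrecognized MAC, and HTTPS to a bare IP with no DNS lookup) can be checked for in router logs. The following is an added example, not part of the original post; the log shapes, addresses, inventory and function names are constructed assumptions, and the locally-administered-bit check is an extra hint the post does not mention.

```python
# Added example: every record below is constructed, not taken from the post.
from collections import defaultdict

KNOWN_MACS = {"00:11:22:00:00:01", "00:11:22:00:00:02"}  # assumed inventory
# (mac, leased_ip) rows, as a router's DHCP lease table might list them
LEASES = [("00:11:22:00:00:01", "192.168.1.10"),
          ("00:11:22:00:00:02", "192.168.1.20"),
          ("02:5e:10:00:00:99", "192.168.1.57")]
# (client_ip, answer_ip) DNS answers logged by the LAN resolver
DNS_ANSWERS = [("192.168.1.10", "198.51.100.7")]
# (src_ip, dst_ip, dst_port) outbound flows logged at the gateway
FLOWS = [("192.168.1.10", "198.51.100.7", 443),
         ("192.168.1.57", "203.0.113.44", 443),
         ("192.168.1.57", "203.0.113.44", 443)]

def is_locally_administered(mac):
    """Bit 0x02 of the first octet means the MAC was not vendor-assigned."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

def unknown_clients(leases, known):
    """Map leased IP -> MAC for every client missing from the inventory."""
    return {ip: mac for mac, ip in leases if mac.lower() not in known}

def dnsless_tls_flows(flows, dns_answers):
    """Map client IP -> port-443 destinations it never resolved via DNS."""
    resolved = defaultdict(set)
    for client, answer in dns_answers:
        resolved[client].add(answer)
    hits = defaultdict(set)
    for src, dst, port in flows:
        if port == 443 and dst not in resolved[src]:
            hits[src].add(dst)
    return dict(hits)

def report(leases, known, flows, dns_answers):
    """One finding per unknown client, with its DNS-less TLS destinations."""
    direct = dnsless_tls_flows(flows, dns_answers)
    return [{"ip": ip, "mac": mac,
             "locally_administered": is_locally_administered(mac),
             "direct_tls_destinations": sorted(direct.get(ip, ()))}
            for ip, mac in sorted(unknown_clients(leases, known).items())]

if __name__ == "__main__":
    for finding in report(LEASES, KNOWN_MACS, FLOWS, DNS_ANSWERS):
        print(finding)
```

Clients that use DNS-over-HTTPS or a resolver other than the logged one will also show up as DNS-less, so a hit is a lead to investigate, not proof.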


So this little fucker realized it was banned, spoofed its MAC address to obtain a different IP, lied by saying it was not connected at all, while sending some encrypted bullshit to Google.


Let me tell you that it got disconnected immediately and I changed the Wifi password. I'm fairly confident this version of Nest does not have any other means to communicate. But I would not be so sure with more recent models. I will soon replace it with something simpler, with just a Z-Wave or Zigbee interface.


If you have a Nest, do yourself a favor, and trash this shit, along with anything coming from Google.


Google is indeed evil.

-- Page fetched on Mon May 6 17:40:32 2024