Google have chosen today, Safer Internet Day, to showcase a number of the security features of the company’s Google Wifi mesh router system. In Google’s blog post they detail a number of features of Google’s high performance Wi-Fi mesh router technology, which the company says was built “from the ground up to be focused on security, with multiple layers of protection.” Google Wifi, which was released at the end of last year, has benefited from over three years of development work and Google are keen to remind customers and potential customers that the technology has been designed to be safe and secure. In short, Google have made their Wifi router difficult to compromise and even though the technology has been placed into Google’s Vulnerability Reward Program, none have yet to be discovered. This program was started in 2010 and can pay a bounty of up to $20,000 to people discovering and reporting critical security bugs.
The first security feature of Google Wifi is that the device uses “Verified boot,” which means it will not boot up unless it verifies it is running official Google Wifi software. Furthermore, Google explain that in order to make any changes to the Google Wifi router settings, customers must use the official Google Wifi mobile application for either Android or iOS devices, which uses similar security software as found with Google’s other products and services, such as Gmail. The idea behind using this system is that it means the Google Wifi router will only allow changes to the settings if they have been received from an authenticated source.
In common with other routers, Google Wifi receives firmware updates via the Internet, which are automatically applied to keep the device secure with the latest fixes. Google’s website explains how some routers are potentially vulnerable to “botnets,” which it describes as being “similar to viruses on computers.” Botnets can be used to steal data being transferred via the network or to control the router and partake in hack attacks such as denial-of-service. In such cases, these botnets may be removed by a software update to the router. This may not be an easy process for the home user. Fortunately, the Google Wifi router has software updates and patches automatically pushed to it via the Internet, so from a user perspective the technology is maintenance free and in Google’s words, is “always one step ahead of vulnerabilities.”
The next aspect of Google Wifi security concerns how the device uses mesh network technology to provide complete coverage of the home. The Google Wifi mesh technology allows multiple Wi-Fi points cooperate with one another in order to provide complete coverage and communicate with one another via machine generated, long and complicated passwords. For the Google Wifi router, these passwords are not permitted to leave the home network and are re-established should the home network change (for example, a Wi-Fi point is added or removed). The Google Wifi router will not use a wireless technology that isn’t secure in order to communicate with a device on the network, and it will only use Wi-Fi points that it knows and trusts.