Google Nest Learning Thermostat 4th Generation
From Wiki-IoT
Classification
| Google Nest Learning Thermostat 4th Generation | |
|---|---|
| Classification | |
| Grade | A- |
| Calculator version | 1 |
| Classification date | 2025-10-17 |
| Information | |
| Name | Google Nest Learning Thermostat (4th generation) |
| Brand by Parent | Google (Nest Labs) by Google LLC (Alphabet Inc.) |
| Generation | 4th gen |
| Model(s) | GA01331-US, GA01332-US, GA01333-US (colour variants) |
| Release date | 2024-08-20 |
| Type/Category | Smart learning thermostat |
| Website | [1] |
| Status | In sale |
| More | |
| Dimensions | 98 × 98 × 27 mm (display diameter 84 mm) |
| Mass | 161.8 g (display only) |
| Operating system | Cast OS (Linux-based, closed) |
| Companion App | Google Home (iOS/Android) |
| CPU | ARM Cortex-M33 + AON co-processor (Google Tensor T9002 secure SoC) |
| GPU | None |
| Memory | 64 MB LPDDR4 |
| Storage | 512 MB eMMC (AES-256 encrypted) |
| Battery | 1 × CR2 lithium (backup for power-loss clock), user-replaceable |
| Power | 24 V AC (C-wire) or 12–24 V DC; 5 V ⎓ 1 A USB-C debug port |
| Charging | Not applicable (mains-powered) |
| Display | 2.68″ borderless touch LCD, 240×320, ambient-light + Soli radar |
| Camera | None |
| Sound | 1× speaker for setup tones, 1× microphone (voice match disabled) |
| Connectivity | Wi-Fi 6 (802.11 b/g/n/ax) 2.4/5 GHz, Thread (802.15.4), Matter, BLE 5.0 |
| Device | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Known hardware tampering | Rare | [2] | Security screws + epoxy on test pads; no public UART dump yet |
| Known vulnerabilities | Rare | [3] | Zero CVEs against 4th gen as of 2025-09 |
| Prior attacks | None | [4] | No recorded botnet or large-scale abuse |
| Updatability | Very common | [5] | Automatic, forced OTA every 6 weeks; rollback protection |
| Category score | 2 | ||
| System | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Authentication with other systems | Full | [6] | Google-Account + OAuth 2.0 + 2FA mandatory since 2023 |
| Communications | Encrypted with up-to-date encryption | [7] | TLS 1.3, AES-256-GCM, certificate pinning, mutual auth |
| Storage | Encrypted with up-to-date encryption | [8] | eMMC AES-256-XTS, keys in Google Titan-M2 secure element |
| Category score | 1 | ||
| User Authentication | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Account management | Full | [9] | Family group, role-based access, device-level revocation |
| Authentication | Secure | [10] | Google-Account + 2FA (TOTP, WebAuthn) |
| Brute-force protection | Exist | [11] | Google-Account lock-out & CAPTCHA after 5 failed attempts |
| Event logging | Access event logged | [12] | JSON export via Device-Access API; 30-day retention, tamper-evident |
| Passwords | Require change after setup | [13] | 8-char min, no reused Google password, breached-password detection |
| Category score | 2 | ||
| Grade | A- |
|---|
