Bug on Google Nest cameras left unpatched since last year

Bug on Google Nest cameras left unpatched since last year

Bug on Google Nest cameras left unpatched since last year

Google's Nest Dropcam, Dropcam Pro, Nest Cam Indoor and Outdoor smart home cameras have bugs that allow intruders to use Bluetooth to stop them from recording for up to 90 seconds.

The researcher who found the bugs says he informed Google back in October 2016 but has waited until now to publish his findings because the smart home company didn't patch them.

In what seems like a very easy way of manipulating the system until it crashes, all three bugs are workable using just Bluetooth. They are all within the firmware version 5.2.1.
A look at the list and exploits by Jason Doyle,the researcher, relating to the Google Nest Bluetooth-related bug show that a buffer overflow in the camera is triggered when a very long Wi-Fi SSID parameter is pinged to it using Bluetooth Low Energy (BLE). Send a long Wi-Fi password parameter to the camera and it crashes and reboots too, as well as when the camera is sent a new Wi-Fi SSID to connect to.

Vectra discovers Wi-Fi security web camera vulnerability

This confuses the system so it disconnects from its current network and tries joining the new SSID. Ilf we assume that this doesn't exist, it then reconnect to the previous wireless network about 90 seconds later. 'It's possible to temporarily disconnect the camera from Wifi by supplying it a new SSID to connect to. Local storage of video footage is not supported by these cameras so surveillance is temporarily disabled. The attacker must be in bluetooth range at any time during the cameras powered on state. Bluetooth is never disabled even after initial setup,' said Doyle in his public log of the issue.

Security concerns as UK police adopt body-worn cameras

As on-device storage cards can be removed or tampered with, many security camera companies like Nest, Ring and Y-Cam record and store images and video on the cloud so they can be accessed by home owners anytime and anywhere. And it is this vulnerability that intruders will be able to exploit with these three bugs.

When asked about a solution to the issue, Doyle told The Register: 'As far as workarounds, since you can't disable Bluetooth, I'm not sure there are any. There doesn't seem to be any reason why [Nest] leaves Bluetooth on after setup unless they need it for future or current integrations. Some cameras like the Logitech Circle turn Bluetooth off after setting up Wi-Fi."

Nest said this about the bug:
Nest is aware of this issue, developed a fix for it, and will roll it out to customers in the coming days.
Robots could damage your cyber security

Copyright Lyonsdown Limited 2020

Top Articles

Hackers exploited critical flaws in Accellion FTA to steal client data

Accellion suffered a breach in December that compromised more than 100GB of sensitive data associated with the its enterprise customers.

Hacker stole 3.3m customer data records from Filipino loan firm Cashalo

Cashalo, a digital credit company in the Philippines, suffered a massive breach that compromised over 3.3 million customer data records.

A lack of manpower is exposing the world’s cyber-vulnerabilities

As well as investing in talent, the cyber security industry needs to promote transparency and global cooperation

Related Articles