Mobile security and IoT hacker Jason Doyle has uncovered and published three vulnerabilities in the Nest Cam Indoor, Nest Cam Outdoor, Dropcam Pro and Dropcam security cameras. Here's how Doyle described one of the bugs in his post:
"It's possible to trigger a buffer overflow condition when setting the SSID parameter on the camera. The attacker must be in bluetooth range at any time during the cameras powered on state. Bluetooth is never disabled even after initial setup."
That may sound involved, but it basically means folks aware of this glitch can temporarily knock out a Nest Cam's feed when they're within Bluetooth range. The same goes for the other two glitches -- all of which involve relatively little coding, as Doyle outlines on GitHub.
"Nest is aware of this issue, developed a fix for it and will roll it out to customers in the coming days," a Nest representative told me Thursday via email. Doyle's GitHub post says he alerted Nest to the problem in October 2016, though, making the Alphabet company's upcoming firmware fix long overdue.
Nest's $200 (£160 and AU$260 converted) indoor and outdoor security cameras have 1080p live streaming, as well as two-way audio, motion and sound alerts. Customers can add 10- or 30-day continuous video recording with the addition of an optional, fee-based Nest Aware subscription. Nest purchased startup Dropcam in 2014 and used the high-definition Dropcam Pro camera as the inspiration for its next-gen Nest Cams.
CNET Smart Home
reading•Software bug makes Nest Cams vulnerable to hacks
Dec 14•Make any speaker an Alexa speaker for $35
Dec 14•Facebook Portal now lets you play Words with Friends and zoom in on your victory dance
Dec 13•Google Assistant learns how to speak Australian
Dec 13•Emerson Sensi Wi-Fi Thermostats recalled due to fire hazard