Software bug makes Nest Cams vulnerable to hacks
An IoT hacker has uncovered a bug that temporarily disables Nest and Dropcam cameras over Bluetooth.
Mobile security and IoT hacker Jason Doyle has uncovered and published three vulnerabilities in the Nest Cam Indoor, Nest Cam Outdoor, Dropcam Pro and Dropcam security cameras. Here's how Doyle described one of the bugs in his post:
"It's possible to trigger a buffer overflow condition when setting the SSID parameter on the camera. The attacker must be in bluetooth range at any time during the cameras powered on state. Bluetooth is never disabled even after initial setup."
That may sound involved, but it basically means folks aware of this glitch can temporarily knock out a Nest Cam's feed when they're within Bluetooth range. The same goes for the other two glitches -- all of which involve relatively little coding, as Doyle outlines on GitHub.
"Nest is aware of this issue, developed a fix for it and will roll it out to customers in the coming days," a Nest representative told me Thursday via email. Doyle's GitHub post says he alerted Nest to the problem in October 2016, though, making the Alphabet company's upcoming firmware fix long overdue.
Nest's $200 (£160 and AU$260 converted) indoor and outdoor security cameras have 1080p live streaming, as well as two-way audio, motion and sound alerts. Customers can add 10- or 30-day continuous video recording with the addition of an optional, fee-based Nest Aware subscription. Nest purchased startup Dropcam in 2014 and used the high-definition Dropcam Pro camera as the inspiration for its next-gen Nest Cams.
