Mobile security and IoT hacker Jason Doyle has uncovered and published three vulnerabilities in the Nest Cam Indoor, Nest Cam Outdoor, Dropcam Pro and Dropcam security cameras. Here's how Doyle described one of the bugs in his post:
"It's possible to trigger a buffer overflow condition when setting the SSID parameter on the camera. The attacker must be in bluetooth range at any time during the cameras powered on state. Bluetooth is never disabled even after initial setup."
That may sound involved, but it basically means folks aware of this glitch can temporarily knock out a Nest Cam's feed when they're within Bluetooth range. The same goes for the other two glitches -- all of which involve relatively little coding, as Doyle outlines on GitHub.
"Nest is aware of this issue, developed a fix for it and will roll it out to customers in the coming days," a Nest representative told me Thursday via email. Doyle's GitHub post says he alerted Nest to the problem in October 2016, though, making the Alphabet company's upcoming firmware fix long overdue.
Nest's $200 (£160 and AU$260 converted) indoor and outdoor security cameras have 1080p live streaming, as well as two-way audio, motion and sound alerts. Customers can add 10- or 30-day continuous video recording with the addition of an optional, fee-based Nest Aware subscription. Nest purchased startup Dropcam in 2014 and used the high-definition Dropcam Pro camera as the inspiration for its next-gen Nest Cams.
CNET Smart Home
What better way to review smart-home tech than from a house meant for that exact purpose?
Aug 17An outdoor security camera for just 100 bucks
Aug 16Google Home starts rolling out voice calling
Aug 16Cute security cam braves the outdoors at a fair price
Aug 14Apple might not ship very many HomePods in 2017, report says