Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Multiple Vulnerabilities Uncovered in Google Nest Cam

A security researcher took it to GitHub to disclose information on multiple vulnerabilities allegedly affecting Nest Cam and Dropcam Pro devices after receiving no response from Google for several months.

A security researcher took it to GitHub to disclose information on multiple vulnerabilities allegedly affecting Nest Cam and Dropcam Pro devices after receiving no response from Google for several months.

The issues were discovered by security researcher Jason Doyle and affect the devices’ Bluetooth connectivity, allowing an attacker to access the affected device remotely or knock it offline for 60 to 90 seconds. Basically, a burglar capable of shutting the camera down could slip past it unnoticed.

Doyle revealed that three vulnerabilities impact the Bluetooth (BLE) connectivity of Dropcam, Dropcam Pro, Nest Cam Indoor/Outdoor models running firmware version 5.2.1. The researcher reveals that Google, which bought Nest several years ago, was notified on the issue on October 26, 2016. The company even acknowledged the bugs, but hasn’t released a fix to date.

The first bug is a buffer overflow condition that can be triggered when setting the SSID parameter on the camera. According to the researcher, an attacker exploiting the issue would have to be within Bluetooth range at any time during the camera’s powered on state. This is possible, however, because Bluetooth on the device is never disabled, not even after initial setup.

Another buffer overflow condition can be triggered when setting the encrypted password parameter on the camera. Similarly, the attacker must be in Bluetooth range of the device. The attack results in the camera to crash and reboot back to operational state.

The third issue, the researcher reveals, could allow an attacker to temporarily disconnect the camera from its Wi-Fi connection by supplying it with a new SSID to connect to. Because the affected cameras don’t come with support for local storage of video footage, the surveillance capabilities of the targeted device are temporarily disabled.

This attack can be leveraged to knock the camera offline while it attempts association with the newly set SSID. The device goes offline for around 60-90 seconds before re-connecting to the original Wi-Fi network and resuming normal operation.

The security researcher published all of the details pertaining to the three vulnerabilities, complete with example exploits.

Related: Backdoor Found in Many Sony Security Cameras

Related: Hundreds of Thousands of IP Cameras Exposed to IoT Botnets

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Vulnerabilities

Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.