Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Vulnerabilities Found in Website of Google-Owned Nest

A security researcher has uncovered several vulnerabilities, including a critical issue that exposed sensitive information, on the website of home automation company Nest Labs.

A security researcher has uncovered several vulnerabilities, including a critical issue that exposed sensitive information, on the website of home automation company Nest Labs.

Evan Ricafort, an expert based in the Philippines, reported his findings to Google, which acquired Nest Labs earlier this year for $3.2 billion in cash.

The most serious of the security holes identified by the researcher is a file upload vulnerability affecting the certified.nest.com subdomain. According to Ricafort, the flaw could have been leveraged to upload a shell that enabled access to the personal and financial details of Nest customers, including credentials, payment card information, and scanned copies of identification documents such as passports and ID cards.

In a video demonstration published last week on his personal blog, Ricafort showed that an attacker could upload arbitrary files by abusing a feature designed to allow members of the Nest Certified Program to upload reseller certificates. By uploading a shell to the website, he claims to have gained access to hundreds of records.

After being informed of the existence of the vulnerability, Google’s security team told Ricafort that the affected domain is run by a third-party vendor and informed him that the company could not authorize him to conduct tests on it. The issue is out of scope so it’s not eligible for a monetary reward, but Google has offered to list the researcher’s name in the company’s “hall of fame.”

“Although it’s a heartbreaking result for an arbitrary file upload vulnerability, I don’t have any choice but to respect their decision,” the expert said.

The security hole has been addressed by restricting access to the certified.nest.com domain. Visitors are now being redirected to pro.nest.com, a domain for those who want the become authorized to sell and install Nest products such as thermostats and smoke alarms.

 On this Nest Pro website, Ricafort later identified two stored cross-site scripting (XSS) vulnerabilities. Google has determined that these issues are eligible for the company’s bug bounty program so it has rewarded the researcher with $100 for each of the bugs.

 

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Vulnerabilities

Several vulnerabilities have been patched in OpenText’s enterprise content management (ECM) product.

Vulnerabilities

Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.