Nest didn’t act on scary camera security holes for 5 months until they were made public


Well, this is just plain bad. Apparently, a security researcher named Jason Doyle discovered 3 different vulnerabilities in Nest’s firmware that make it possible to knock the cameras offline for anywhere between 30 and 90 seconds.

The methods involve using Bluetooth to send problematic WiFi SSID names and passwords to the camera, with values far longer than the cameras can handle. This causes them to crash and reboot. Another issue allows you to go as far as forcing the device to try to connect to a new SSID, which, upon failure, causes a lengthier downtime of about 90 seconds.
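The crash described above is what happens when a device copies a length-prefixed credential into a fixed buffer without checking the length first. The following is an added example, not Nest's firmware or anything from the original article: a bounds-checked parser for a hypothetical provisioning message of the form `[ssid_len][ssid][psk_len][psk]`, where the wire format, names, and error codes are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SSID_MAX 32   /* 802.11 SSID limit, in bytes */
#define PSK_MIN   8   /* WPA2 passphrase limits, in characters */
#define PSK_MAX  63

struct wifi_creds {
    uint8_t ssid[SSID_MAX];
    size_t  ssid_len;
    char    psk[PSK_MAX + 1];   /* always NUL-terminated */
};

enum { CREDS_OK = 0, CREDS_TRUNCATED = -1, CREDS_BAD_SSID = -2,
       CREDS_BAD_PSK = -3, CREDS_TRAILING = -4 };

/* Hypothetical wire format: [ssid_len][ssid...][psk_len][psk...].
 * Assumption: psk_len == 0 means an open network. */
int parse_wifi_creds(const uint8_t *buf, size_t len, struct wifi_creds *out)
{
    size_t pos = 0;

    if (len < 1) return CREDS_TRUNCATED;
    size_t ssid_len = buf[pos++];
    if (ssid_len == 0 || ssid_len > SSID_MAX) return CREDS_BAD_SSID;
    if (len - pos < ssid_len) return CREDS_TRUNCATED;   /* declared > received */
    const uint8_t *ssid = buf + pos;
    pos += ssid_len;

    if (len - pos < 1) return CREDS_TRUNCATED;
    size_t psk_len = buf[pos++];
    if (psk_len != 0 && (psk_len < PSK_MIN || psk_len > PSK_MAX))
        return CREDS_BAD_PSK;
    if (len - pos < psk_len) return CREDS_TRUNCATED;
    const uint8_t *psk = buf + pos;
    pos += psk_len;
    if (pos != len) return CREDS_TRAILING;               /* reject extra bytes */

    /* Write to *out only after every length check has passed. */
    memset(out, 0, sizeof *out);
    memcpy(out->ssid, ssid, ssid_len);
    out->ssid_len = ssid_len;
    memcpy(out->psk, psk, psk_len);
    return CREDS_OK;
}
```

An oversized field is rejected with an error code before any copy takes place, so the worst outcome of a malformed message is a refused request rather than a reboot.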

In any of these cases, the security hole doesn’t give a hacker the ability to view your footage. Instead, it offers a way to manipulate the cameras to enable more nefarious actions, such as breaking into the home undetected.

But that thought itself isn’t even the scariest thing about this whole story. The scariest of all is that Nest and Google knew all of this 5 months ago, when the bugs were privately reported through Google’s Vulnerability Rewards Program, which pays people to help find security bugs. Google did acknowledge the bug and mentioned that an investigation was underway, but it was seemingly swept under the rug as a non-integrated acquisition bug, valued at a meager $100 (or otherwise seen as unimportant compared to some of the stuff that you can get up to $20,000 for).

So, we’re not sure why it took Nest and Google so long, but the publication of this vulnerability has forced their hand and now a fix has appeared out of thin air for them to distribute within the coming days. It’s sad that it had to come this far, but now we know.

[via The Register]

Quentyn Kennemer
The "Google Phone" sounded too awesome to pass up, so I bought a G1. The rest is history. And yes, I know my name isn't Wilson.
