Security Researchers Find Several Bugs in Nest Security Cameras

Hackers could have logged into your Nest Cam IQ Indoor and watch whatever was happening in your home by taking advantage of a vulnerability found by security researchers. The hackers could have also prevented you from using the camera, or use access to it to break into your home network.

Nest Cam IQ is the highest-end security camera made by Google, with features like s security enhanced Linux in Android, Google Assistant, and even facial recognition. These features mean that a vulnerability in this model could give hackers more access than a vulnerability in other similar networked cameras.

Researchers Lilith Wyatt and Claudio Bozzato of Cisco Talos discovered the vulnerabilities and disclosed them publicly on August 19. The two found eight vulnerabilities that are based in the Nest implementation of the Weave protocol. The Weave protocol is designed specifically for communications among Internet of Things or IoT devices.

Nest has provided a firmware update that the company says will fix the vulnerabilities. The vulnerabilities apply to version 4620002 of the Nest Cam IQ indoor device. You can check the version of your camera on the Nest app. Nest says that the updates will happen automatically if your camera is connected to the internet.

“We’ve fixed the disclosed bugs and started rolling them out to all Nest Camera IQs,” Google said in a statement to ZDNet. “The devices will update automatically so there’s no action required from users.”

The most severe vulnerability is a brute-force pairing attack, which can allow an attacker to take over operation of the camera by finding a six-character code that allows pairing of the camera. While it could take up to a month of trying to figure out the code, once found the code remains the same even if the camera reboots. If the camera hasn’t been configured, the attacker could even add it to his own Nest account and have complete control over the victim’s camera.

The next most serious vulnerability is one that allows an attacker to get a copy of whatever information is already in the camera. This information could include details on the configuration of the network to which the camera is connected to, potentially highly valuable information to an attacker.

The denial of service attacks on the camera allowed an attacker to prevent you from using it. Depending on the type of attack, the camera might be permanently disabled, or simply unavailable to you when you need to use it.

“I’m not surprised,” said security researcher Alissa Knight when she learned of the Cisco Talos report. Knight, who is a senior analyst with the Aite Group, has been focusing her research on networked cameras, and is finding dozens of similar vulnerabilities in cameras from other makers.

“The problem is systemic across multiple camera brands,” Knight said. She noted that Nest, like other makers, chooses functionality over security, which means that security often remains an afterthought. Knight said that this has allowed her to gain access to cameras in places such as casinos and banks where security is supposed to be critical.

Ideally, IoT devices such as cameras should be on a different network from other devices such as computers, but Knight said that this isn’t always feasible for home or small business users. However, she said it’s crucial that passwords be changed as soon as possible during the camera configuration, and that firmware updates be applied as soon as they’re available, including as soon as the camera is put into service.

The researchers at Cisco Talos passed their findings along to Nest and Weave and worked with them to make sure an update was available before releasing their findings to the public. However, these cameras won’t be secure until the firmware update is applied to existing Nest Cam IQ indoor cameras.

And unfortunately, it won’t help the thousands of other networked cameras on the market or already in service made by companies where security was an afterthought.

“These vulnerabilities seem to be endemic,” Knight said.

Subscribe to our new cybersecurity podcast, CYBER.