
Several vulnerabilities in Google Nest security cameras allow attackers to force the camera to temporarily stop recording.
A security researcher has identified three vulnerabilities in Nest firmware version 5.2.1. All three allow attackers to use the cameras’ Bluetooth Low Energy (BLE) connectivity to temporarily disable recording or even force the cameras to reboot. The first two attacks use overflows in the network SSID and password commands to crash the cameras and force them to reboot. The third attack commands the camera to connect to a non-existent wireless network, forcing the camera to attempt the connection before reconnecting to the previous network. Recording halts while the cameras are rebooting and reconnecting. This buys the attackers 60-90 seconds to get past the cameras, physically damage or remove them, or repeat the attack if necessary.
Cloud recording is the double-edged sword of security devices. The clear advantage is that if the device is destroyed or stolen, the footage leading up to the attack is safely preserved in the cloud. The unfortunate disadvantage is that if the device’s connection to the cloud is disrupted, the device stops recording. Since this vulnerability can be exploited remotely from outside the camera’s field of view, the camera would not be able to record the perpetrators or the events leading up to the attack.
Affected camera models include the Dropcam, Dropcam Pro, and Nest Cam Indoor/Outdoor models. Although BLE is used during the initial setup, it is not disabled afterwards, leaving an active channel through which the cameras can be attacked. At this time, there does not appear to be a way for users to manually disable BLE. Nest should be able to close these vulnerabilities with a firmware update, although the company has not yet communicated a timeline.
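The first two issues are described above as overflows in the SSID and password setup commands. As an added illustration (not Nest's code and not part of the original article), this is the kind of length validation a setup handler needs before copying those fields. The wire format `[ssid_len][ssid][psk_len][psk]`, the function names and the WPA2-PSK-only assumption are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SSID_MAX 32   /* IEEE 802.11 SSID limit, in octets */
#define PSK_MIN  8    /* WPA2 passphrase limits, in characters */
#define PSK_MAX  63

struct wifi_config {
    char ssid[SSID_MAX + 1];
    char psk[PSK_MAX + 1];
};

/* Read one length-prefixed field from buf[*off..len) into dst.
 * Rejects lengths outside [min, max] and fields that run past the input. */
static int read_field(const uint8_t *buf, size_t len, size_t *off,
                      char *dst, size_t min, size_t max)
{
    if (*off >= len)
        return -1;                 /* no length byte present */
    size_t n = buf[(*off)++];
    if (n < min || n > max)
        return -1;                 /* would overflow dst, or is malformed */
    if (n > len - *off)
        return -1;                 /* declared length exceeds bytes received */
    memcpy(dst, buf + *off, n);
    dst[n] = '\0';
    *off += n;
    return 0;
}

/* Parse a constructed setup payload: [ssid_len][ssid][psk_len][psk].
 * Returns 0 and fills *out only if the entire payload is valid. */
int parse_wifi_config(const uint8_t *buf, size_t len, struct wifi_config *out)
{
    struct wifi_config tmp = {0};
    size_t off = 0;

    if (buf == NULL || out == NULL)
        return -1;
    if (read_field(buf, len, &off, tmp.ssid, 1, SSID_MAX) != 0)
        return -1;
    if (read_field(buf, len, &off, tmp.psk, PSK_MIN, PSK_MAX) != 0)
        return -1;
    if (off != len)
        return -1;                 /* reject trailing bytes */
    *out = tmp;                    /* commit only after full validation */
    return 0;
}
```

Rejected payloads leave the previously stored configuration untouched, so a malformed command cannot push the device off its current network.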