Google Nest Camera Bug Enables Burglars To Shut Off Recording Via Bluetooth

Google’s Nest smart surveillance camera has a bug in its firmware that enables burglars to disrupt the feed from being recorded by establishing a Bluetooth connection.

The vulnerability in the software enables savvy crooks to trigger a buffer overflow whereby a program writing data to a memory buffer overruns it’s boundaries and overwrites adjacent memory, in the SSID parameters of the camera when in Bluetooth range.

This has the effect of knocking the Nest camera off the Wi-Fi network it is connected to for 90 seconds, essentially severing its ability to record video feed for a small window of time which burglars can exploit to gain unspotted access to a property. The attack can be repeated, so criminals can keep the camera off the network while they search a property for valuables.

Nest nasty

“It’s possible to temporarily disconnect the camera from Wi-Fi by supplying it a new SSID to connect to. Local storage of video footage is not supported by these cameras so surveillance is temporarily disabled. The attacker must be in Bluetooth range at any time during the cameras powered on state. Bluetooth is never disabled even after initial setup,” explained security researcher Jason Doyle, who discovered the bug and posted details of it on GitHub.

The current Nest cameras affected by the bug include the Dropcam, Dropcam Pro, Nest Cam Indoor/Outdoor models running the firmware version 5.2.1.

Doyle had reported the bug to Google last year, but he told The Register that as he was not convinced it had been patched he published the details of the bug on GiHub.

The worrying thing about the bug is the inability to shut off the camera’s Bluetooth connection, meaning users aware of the flaw can do little to combat against it.

Nest has now patched the flaw with a spokesperson from the company telling Silicon : “All Nest camera customers now have the updated software. To our knowledge, no customer’s camera was ever affected by this issue and customer video remained safe. This isn’t the first time we’ve updated our security measures, and it won’t be the last, as we continue to look for ways to improve our products, such as the introduction of two-factor authentication last month.”

The rise of the Internet of Things (IoT) is making an increasing amount of object smarter and more connected, but with that comes the risk of being hacked or exploited. Unfortunately, cyber security in such devices has yet to be standardised and is often incorporated as an afterthought.

The nest big is yet another example of the security risks such smart devices can bring. Now that is not to say businesses and society should rally against the adoption of IoT tech, but people and companies looking at making their homes and offices smart would be wise to ensure enough thought is given to cyber security.

Quiz: What do you know about the IoT?

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

6 hours ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

7 hours ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

8 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

10 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

12 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

13 hours ago