Three vulnerabilities were found in Nest firmware

Mar 21, 2017 01:36 GMT

Nest's security cameras, the Dropcam and Dropcam Pro, can be crashed or knocked offline over Bluetooth Low Energy by anyone within radio range, and Google has not shipped a fix yet.

Discovered by security researcher Jason Doyle a few months back, the three vulnerabilities in camera firmware version 5.2.1 let an attacker in Bluetooth range crash the cameras or force them off the network, so that they stop recording footage. That is, of course, exactly what a burglar wants from a home the Nest cam is supposed to be "protecting".

Doyle reported the problems to Google back in October, but no firmware update has shipped since, which is why he has now published the details. Google generally fixes vulnerabilities before they become public, so the disclosure may finally prompt action.

As mentioned, there are three bugs. For the first, an attacker triggers a buffer overflow by sending the camera an overlong Wi-Fi SSID parameter over Bluetooth Low Energy (BLE), which crashes the device and forces a reboot. An 802.11 SSID is at most 32 bytes, so firmware that sizes its buffer for that limit but copies whatever length the BLE message declares will overrun it.

The second vulnerability is the same flaw in a different field: an overlong Wi-Fi password parameter sent the same way has the same effect, crash and restart. A WPA2 passphrase is 8 to 63 characters, so anything longer is never legitimate input and should be rejected before it is copied anywhere.

The third and final vulnerability needs no overflow at all. The attacker sends the camera a new Wi-Fi SSID to connect to, and the camera obediently drops its current network to look for it. The SSID does not exist, so the camera spends about a minute and a half trying before falling back to the previous network. For that whole interval it uploads nothing to Nest's backend, and because the request can be repeated as soon as the camera reconnects, it can be kept offline indefinitely.

The worst part is that all an attacker needs, apart from modest technical skill, is to be within BLE range, a few tens of metres at most. For someone already planning to break into the house, that is no obstacle.

Bluetooth, integral to Nest cams

There may be a reason why Google hasn't fixed these problems yet: Bluetooth is integral to the cameras. It is enabled by default and stays on permanently so the devices can be reconfigured at any time, and that always-on provisioning interface, reachable by any nearby device, is exactly what leaves them exposed.

Unless Google makes Nest cameras turn Bluetooth off once setup is complete, this will remain a problem. At the very least, it could give users the option to disable Bluetooth themselves.
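To make the three bugs and the proposed fix concrete, here is an added example, not Nest's firmware or any code published by Doyle or Google, of a BLE Wi-Fi provisioning handler in two shapes: the overflow-prone one the article describes (trusting the length the BLE message declares) and a hardened one that enforces the 802.11 and WPA2 limits before copying anything, rejects malformed input, and refuses reconfiguration altogether once setup is complete unless the owner has explicitly re-enabled it, which is the software form of "turn Bluetooth off after setup". The tag/length/value wire format, the `cam_state` fields and every function name are assumptions made for illustration.

```c
/* Added example, not Nest firmware. The <tag><len><value> write format,
 * cam_state and all names below are assumptions for illustration. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TAG_SSID 0x01
#define TAG_PASS 0x02
#define SSID_MAX 32 /* 802.11: an SSID is at most 32 octets */
#define PASS_MAX 63 /* WPA2-PSK passphrase: 8 to 63 ASCII characters */

enum cfg_err { CFG_OK = 0, CFG_EBAD_LEN = -1, CFG_ELOCKED = -2, CFG_EFORMAT = -3 };

struct wifi_cfg { char ssid[SSID_MAX + 1]; char pass[PASS_MAX + 1]; };

struct cam_state {
    int setup_complete;     /* owner has finished initial provisioning */
    int ble_config_allowed; /* owner has explicitly re-enabled BLE setup */
    struct wifi_cfg cfg;
};

/* Vulnerable shape (bugs 1 and 2): the attacker-controlled length is trusted
 * and copied into a fixed buffer. With len > SSID_MAX this overruns ssid[]
 * and corrupts whatever follows; on a device that ends in a crash and
 * reboot. Kept only for contrast and never called with an overlong value. */
void vulnerable_set_ssid(struct wifi_cfg *cfg, const uint8_t *val, size_t len)
{
    memcpy(cfg->ssid, val, len); /* no comparison against sizeof cfg->ssid */
    cfg->ssid[len] = '\0';
}

/* Hardened handler: checks every length against the protocol limits before
 * copying, rejects malformed TLVs, commits only after all fields pass, and
 * refuses any reconfiguration once setup is complete unless the owner
 * re-enabled it (blocks bug 3 and the post-setup attack surface). */
int handle_provision_write(struct cam_state *st, const uint8_t *buf, size_t n)
{
    struct wifi_cfg tmp;
    size_t i = 0;
    int seen_ssid = 0;

    memset(&tmp, 0, sizeof tmp); /* zeroed, so copied strings stay terminated */
    if (st->setup_complete && !st->ble_config_allowed)
        return CFG_ELOCKED;

    while (i + 2 <= n) {
        uint8_t tag = buf[i], len = buf[i + 1];
        const uint8_t *val = buf + i + 2;
        if (len > n - i - 2)
            return CFG_EFORMAT; /* declared length runs past the packet */
        switch (tag) {
        case TAG_SSID:
            if (len == 0 || len > SSID_MAX) return CFG_EBAD_LEN;
            memcpy(tmp.ssid, val, len);
            seen_ssid = 1;
            break;
        case TAG_PASS:
            if (len < 8 || len > PASS_MAX) return CFG_EBAD_LEN;
            memcpy(tmp.pass, val, len);
            break;
        default:
            return CFG_EFORMAT;
        }
        i += 2 + len;
    }
    if (i != n || !seen_ssid) return CFG_EFORMAT; /* trailing junk or no SSID */
    st->cfg = tmp;
    return CFG_OK;
}

/* Constructed input: SSID of ssid_len 'A's, then pass_len 'p's if nonzero. */
static size_t build_write(uint8_t *out, size_t ssid_len, size_t pass_len)
{
    size_t n = 0;
    out[n++] = TAG_SSID; out[n++] = (uint8_t)ssid_len;
    memset(out + n, 'A', ssid_len); n += ssid_len;
    if (pass_len) {
        out[n++] = TAG_PASS; out[n++] = (uint8_t)pass_len;
        memset(out + n, 'p', pass_len); n += pass_len;
    }
    return n;
}

/* Scenarios: each one builds its own packet and returns the handler's verdict. */
int demo_overlong_ssid(void)      /* bug 1 input: 200-byte SSID */
{
    struct cam_state st = {0, 0, {{0}, {0}}}; uint8_t pkt[512];
    return handle_provision_write(&st, pkt, build_write(pkt, 200, 0));
}
int demo_overlong_pass(void)      /* bug 2 input: 100-byte passphrase */
{
    struct cam_state st = {0, 0, {{0}, {0}}}; uint8_t pkt[512];
    return handle_provision_write(&st, pkt, build_write(pkt, 7, 100));
}
int demo_locked_after_setup(void) /* bug 3 input after setup, BLE config off */
{
    struct cam_state st = {1, 0, {{0}, {0}}}; uint8_t pkt[512];
    return handle_provision_write(&st, pkt, build_write(pkt, 7, 12));
}
int demo_valid(void)              /* in-range values during initial setup */
{
    struct cam_state st = {0, 0, {{0}, {0}}}; uint8_t pkt[512];
    int r = handle_provision_write(&st, pkt, build_write(pkt, 7, 12));
    if (r != CFG_OK) return r;
    return (strlen(st.cfg.ssid) == 7 && strlen(st.cfg.pass) == 12) ? CFG_OK : -99;
}

int main(void)
{
    printf("overlong ssid=%d overlong pass=%d locked=%d valid=%d\n",
           demo_overlong_ssid(), demo_overlong_pass(),
           demo_locked_after_setup(), demo_valid());
    return 0;
}
```

The point of the `setup_complete` gate is that it removes the third attack without needing to authenticate the BLE link: once provisioned, the camera simply ignores provisioning writes until the owner asks for them, which is the behaviour the article argues Nest should ship. The length checks alone would close the two overflows but would still let a nearby attacker redirect the camera to a bogus network.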

The Register reports, however, that Google does have a patch prepared and will push it shortly, although no timeline has been given.