Web-connected cameras are great security and monitoring tools that can keep your home safe. With a smartphone or a computer, these cameras allow you to view their live feeds over the internet, essential for home security, surveillance or for keeping an eye on children or pets.
But double check your connected security cameras now because these particular models were found to have vulnerabilities that can allow an attacker to crash them, knock them out or make them stop recording temporarily.
Nest’s outdoor/indoor Nest Cam, Dropcam and Dropcam Pro have been found to have three vulnerabilities that allow would-be burglars to exploit the cameras via Bluetooth to make them stop recording footage.
These exploits, reported to affect firmware version 5.2.1., were discovered by security researcher Jason Doyle and already alerted Nest about them back in October.
No patches have been issued yet at this time but according to Engadget, Nest is “aware of the issue, [has] developed a fix for it, and will roll it out to customers in the coming days.”
The first two bugs allow an attacker to trigger a memory buffer overflow in the cameras by sending super-long Wi-Fi data, such as an SSID name parameter or a Wi-Fi password parameter, via Bluetooth Low Energy (BLE). This overflow causes the cameras to crash and restart.
The third bug lets an attacker trick the cameras to temporarily disconnect from its current Wi-Fi network by sending it a new, non-existent Wi-Fi network SSID to connect to, again via Bluetooth. This causes the cameras to keep attempting to connect to the phantom network then reconnect to the original Wi-Fi network every 90 seconds. This time, the window is vital since Nest cameras depend on the cloud to store their footage. Each disconnection means the cameras temporarily stop recording and saving footage to their internet-based servers.
With these exploits, burglars can then “hide” from these security cameras by repeatedly knocking them out. All it requires is for them to be within Bluetooth range.
And since Bluetooth on these cameras is on by default and can’t be disabled, Doyle said there are no workarounds as of yet unless Nest issues a patch.
“There doesn’t seem to be any reason why [Nest] leaves Bluetooth on after setup unless they need it for future or current integrations,” Doyle told the Register. “Some cameras like the Logitech Circle turn Bluetooth off after setting up Wi-Fi.”
To protect your home
For now, if you own any of these cameras, you probably shouldn’t rely on them for security and disconnect them until a patch is deployed. Since the exploits are now publicly disclosed, tech-savvy burglars will be testing these bugs soon.
You can also opt for a different brand of security cameras altogether. You can browse these excellent cameras at the komando.shop or opt for integrated home security cameras from our sponsor, SimpliSafe.