Nest security cameras can be knocked out via Bluetooth

Burglars could have an easier time breaking in.


Your connected security camera might not be as trustworthy a defense as you think. Security researcher Jason Doyle has published details of three vulnerabilities in the Nest Cam, Dropcam and Dropcam Pro that lets an attacker disable their recording over Bluetooth. Two of them, which rely on sending excessively long WiFi data, will trigger a memory overflow that makes the camera crash and reboot. The third exploit tricks the camera into temporarily disconnecting from WiFi by making it try to connect to another network.

As you've likely noticed, all of these are temporary attacks. However, burglars could still use them to buy precious time when breaking into a home. It only takes a few seconds to cross a room or turn a camera toward the wall, of course. And while Nest's cloud-based video storage is normally an advantage (thieves can't just remove a card to destroy evidence), the disconnection exploit turns that internet feature into a weakness. All of these exploits appear to be avoidable, too. Doyle tells the Register there's no pressing need to leave Bluetooth turned on after the initial setup process, so Nest may be leaving itself unnecessarily vulnerable.

The good news: Doyle disclosed the security holes to Nest, and the company tells Engadget that it's "aware of the issue, [has] developed a fix for it, and will roll it out to customers in the coming days." While there's no workaround in the meantime, this particular issue won't last long. The bigger question is whether or not Nest and rival camera makers will see this as motivation to toughen up their wireless security.