Latest in Gear

Image credit:

Nest security cameras can be knocked out via Bluetooth

Burglars could have an easier time breaking in.
Jon Fingas, @jonfingas
March 22, 2017
Share
Tweet
Share

Sponsored Links

AOL

Your connected security camera might not be as trustworthy a defense as you think. Security researcher Jason Doyle has published details of three vulnerabilities in the Nest Cam, Dropcam and Dropcam Pro that lets an attacker disable their recording over Bluetooth. Two of them, which rely on sending excessively long WiFi data, will trigger a memory overflow that makes the camera crash and reboot. The third exploit tricks the camera into temporarily disconnecting from WiFi by making it try to connect to another network.

As you've likely noticed, all of these are temporary attacks. However, burglars could still use them to buy precious time when breaking into a home. It only takes a few seconds to cross a room or turn a camera toward the wall, of course. And while Nest's cloud-based video storage is normally an advantage (thieves can't just remove a card to destroy evidence), the disconnection exploit turns that internet feature into a weakness. All of these exploits appear to be avoidable, too. Doyle tells the Register there's no pressing need to leave Bluetooth turned on after the initial setup process, so Nest may be leaving itself unnecessarily vulnerable.

The good news: Doyle disclosed the security holes to Nest, and the company tells Engadget that it's "aware of the issue, [has] developed a fix for it, and will roll it out to customers in the coming days." While there's no workaround in the meantime, this particular issue won't last long. The bigger question is whether or not Nest and rival camera makers will see this as motivation to toughen up their wireless security.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

‘Cyberpunk 2077’ update introduced a game-breaking bug

‘Cyberpunk 2077’ update introduced a game-breaking bug

View
A personal trainer app guilt-tripped me into exercising (and it worked)

A personal trainer app guilt-tripped me into exercising (and it worked)

View
Huawei may spin off its P and Mate smartphone brands

Huawei may spin off its P and Mate smartphone brands

View
Apple shuffles hardware execs to make room for a mysterious new project | Engadget

Apple shuffles hardware execs to make room for a mysterious new project | Engadget

View
Scientists find a cloudless 'hot Jupiter' exoplanet with a four-day year

Scientists find a cloudless 'hot Jupiter' exoplanet with a four-day year

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr