Patch not released for leaks that could crash Nest cameras

Security researcher Jason Doyle has discovered a trio of vulnerabilities that could be used to crash and restart Google’s Nest cameras. He notified Google of the leaks in October, but no patch is said to have been released so far.

Doyle detailed his findings in a GitHub post. In it, he reports that the leak exists in software with version number 5.2.1, which is present in the Dropcam, Dropcam Pro and the Nest indoor and outdoor cameras. Through two of the three vulnerabilities, the cameras can be restarted within a short distance. This is problematic, according to Doyle, because the cameras cannot record during that time. The attacker must be within the bluetooth range of the cameras.

These vulnerabilities can be used via bluetooth low energy, which is enabled by default after the installation of the cameras. In the first case, by connecting to the camera, an attacker can set a certain ssid causing the device to crash through a buffer overflow and reboot. In the second case, a buffer overflow can also be caused by setting an encrypted password.

The third leak makes it possible to connect the camera to a new Wi-Fi network. This process takes about 60 to 90 seconds, causing a temporary loss of internet connection. Finally, if the camera fails to connect, it will revert to the original network. Doyle states that this can temporarily interrupt the recording of the camera, because there is no local storage available.

The researcher informs The Register that there are no workarounds, because bluetooth cannot be turned off. Google would have confirmed that his report has been received, but the search giant has not said anything after that. A source tells The Register that Google is working on a patch that should be released soon.