Bluetooth Bug Lets Burglars Disable Google Nest Cams

Share this…

Burglars can use a recently disclosed security flaw affecting several Google Nest cams to make vulnerable cameras go offline for approximately 60 to 90 seconds.

The flaw can be exploited via the cameras’ Bluetooth connection and can provide thieves with the time window they need to get close and break into a home unseen, and later disable the camera for good.

Discovered by security researcher Jason Doyle, the security flaw affects version 5.2.1 of the firmware installed on Google Nest Indoor and Outdoor cams, as well as Dropcam and Dropcam Pro models.

Nest says a patch is coming

Doyle says he contacted Google’s Nest Labs last October but hasn’t heard back since. The researcher went public with details about the bug last Friday, March 17, trying to warn Nest cam owners about this unfixed exploitation vector.

Contacted by Bleeping Computer, a Nest Labs representative confirmed there’s no fix for the issue yet, but one is coming soon.

“Nest is aware of this issue, developed a fix for it, and will roll it out to customers in the coming days,” the Nest spokesperson said.

Bug forces Nest cams offline

The flaw, according to Doyle, allows an attacker to use the camera’s built-in Bluetooth connection to force-feed it a new WiFi network SSID.

The camera disconnects from its current WiFi network and attempts to connect to the new one. It takes between 60 and 90 seconds until the camera realizes there’s no nearby WiFi network with that SSID, and automatically returns to the previous WiFi network.

During this interval, burglars can move without fear, as the camera won’t be able to record footage. Nest cams rely on their WiFi connection to send recorded footage to a storage server. If the WiFi connection goes down, so does its recording capability.

Attack can be replayed for longer downtimes

Intruders can replay an attack and keep the camera offline while they go around a house, and manage to locate the camera and destroy it or disconnect it for good.

This vulnerability is part of a trifecta of bugs the researcher disclosed last Friday, also affecting Nest cams, and also unpatched.

The other two allow attackers to use the same Bluetooth connection to crash and reboot the camera by providing SSID or password values much larger than the ones expected by the device (buffer overflow bugs). These bugs, too, could be used to cause short interruptions in the camera’s operation and help hide intrusions.