Green Light Or No, Nest Cam Never Stops Watching

chicksdaddy writes: How do you know when the Nest Cam monitoring your house is "on" or "off"? It's simple: just look at the little power indicator light on the front of the device — and totally disregard what it is telling you. The truth is: the Nest Cam is never "off" despite an effort by Nest and its parent Google to make it appear otherwise. That, according to an analysis of the Nest Cam by the firm ABI Research, which found that turning the Nest Cam "off" using the associated mobile application only turns off the LED power indicator light on the front of the device. Under the hood, the camera continues to operate and, according to ABI researcher Jim Mielke, to monitor its surroundings: noting movement, sound and other activity when users are led to believe it has powered down.

Mielke reached that conclusion after analyzing Nest Cam's power consumption. Typically a shutdown or standby mode would reduce current by as much as 10 to 100 times, Mielke said. But the Google Nest Cam's power consumption was almost identical in "shutdown" mode and when fully operational, dropping from 370 milliamps (mA) to around 340mA. The slight reduction in power consumption for the Nest Cam when it was turned "off" correlates with the disabling of the LED power light, given that LEDs typically draw 10-20mA.

In a statement to The Security Ledger, Nest Labs spokesperson Zoz Cuccias acknowledged that the Nest Cam does not fully power down when the camera is turned off from the user interface (UI). "When Nest Cam is turned off from the user interface (UI), it does not fully power down, as we expect the camera to be turned on again at any point in time," Cuccias wrote in an e-mail. "With that said, when Nest Cam is turned off, it completely stops transmitting video to the cloud, meaning it no longer observes its surroundings." The privacy and security implications are serious. "This means that even when a consumer thinks that he or she is successfully turning off this camera, the device is still running, which could potentially unleash a tidal wave of privacy concerns," Mielke wrote.

video transmission

[NostalgiaForInfinity]

With that said, when Nest Cam is turned off, it completely stops transmitting video to the cloud, meaning it no longer observes its surroundings

That should be easy enough to check, shouldn't it?

Re:video transmission

[Lumpy]

Yep, yet these morons did not even try to look for that. Honestly the whole "story" is a bunch of speculation from people that dont know anything at all about the technology they are looking at.

Reasons why I don't like the Internet of Things.

Here's a list of reasons why I don't like the Internet of Things:

1) Internet of Things devices could watch me while I sleep.

2) Internet of Things devices could watch me while I pee.

3) Internet of Things devices could watch me while I make kaka.

4) Internet of Things devices could watch me while I pleasure myself.

5) Internet of Things devices could watch me while I wash my body in the shower.

6) Internet of Things devices could watch me while I relax in the tub.

7) Internet of Things devices could watch me while I brush my teeth.

8) Internet of Things devices could watch me while I make passionate love to my wife.

9) Internet of Things devices could watch me while I brush my hair.

10) Internet of Things devices could watch me while I read a book.

11) Internet of Things devices could watch me while I read Slashdot.

12) Internet of Things devices could watch me while I bake cake.

13) Internet of Things devices could watch me while I put in my contact lenses.

14) Internet of Things devices could watch me while I get ready to play golf.

15) Internet of Things devices could watch me while I do my laundry.

16) Internet of Things devices could watch me while I think about rugby.

17) Internet of Things devices could watch me while I tie my shoes.

18) Internet of Things devices could watch me while I celebrate the 4th of July.

19) Internet of Things devices could watch me while I water my flowers.

20) Internet of Things devices could watch me while I eat ham.

21) Internet of Things devices could watch me while I use my stapler to staple documents.

22) Internet of Things devices could watch me while I chew bubble gum.

23) Internet of Things devices could watch me while I check the oil in my car.

24) Internet of Things devices could watch me while I look for my TV remote.

25) Internet of Things devices could watch me while I blow my nose.

26) Internet of Things devices could watch me while I rearrange my stamp collection.

27) Internet of Things devices could watch me while I listen to the Backstreet Boys.

28) Internet of Things devices could watch me while I do my calisthenics.

29) Internet of Things devices could watch me while I search for a paper clip.

30) Internet of Things devices could send information about me to advertisers.

31) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I sleep.

32) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I pee.

33) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I make kaka.

34) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I pleasure myself.

35) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I wash my body in the shower.

36) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I relax in the tub.

37) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I brush my teeth.

38) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I make passionate love to my wife.

39) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I brush my hair.

40) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I read a book.

41) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I read Slashdot.

42) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I bake cake.

43) Internet of Things devices could let advertisers use the data unsuspectingly coll

Idiots

So, when faced with the question of 'does this device stop transmitting to the cloud' the "researcher" decided to monitor the power consumption of the device as opposed to, you know, seeing it if is actually transmitting video to the cloud?

How does stuff like this make it to the front page?

Re:FUD at least sort of.

[vivaoporto]

Not FUD at all. There is an expectation when you turn of a camera / motion detector that it will stop performing its main function (filming, detecting motion) and just do nothing instead.

imagine a faucet that, when turned off, instead of stopping the flow of water it simply closed the loop in the sink, storing the water somewhere locally for further reuse.

People would not appreciate the fact that it is not letting the water go away because they want the faucet to stop running water when off.

Yep

[markdavis]

>"The truth is: the Nest Cam is never "off" despite an effort by Nest and its parent Google to make it appear otherwise."

And this surprises anyone? I work on the EXPECTATION that equipment that uses cloud services outside my control, and is not open source, and always connected to the Internet is just that.... uncontrolled.

Even if it were "off", there is nothing to prevent it from being turned on remotely or being changed to do so with an automatic update. Promises made by companies mean almost nothing to me... if you can even understand them when it is followed by 10 pages of incomprehensible legal jargon.

And then there are the security risks that have nothing to do with the manufacturer. If it is connected, it can be compromised by someone.

There is a reason I don't have certain devices in my home. This stuff is going to get worse and worse. People should probably reflect on why one wants or needs everything to be connected to a third-party service or always connected to the Internet. Just because it seems "cool" doesn't mean it is a great idea or that there is no potential hidden cost.

Fuck IOT

[GerryGilmore]

Look, I'm not a Luddite by any means (got started with Data General back in 1976 but am currently in development of a web-based app using Laravel, so - welcome to my lawn!), but the current trend of "internet-ize everything and we'll figure out security, basic expectations, etc. later" is ridiculous! I love my flat-panel TV but, when it comes time to buy my next one, it will NOT be a "smart" TV. A TV is a fucking receiver - period. I'm OK with having it (STV) as an option on models clearly marked as such, and I know that some of the FB/Twitter-oriented crowd will just love the idea of sharing what they're currently watching, commenting on it, etc. But.....count me TF out!

Re:non-story

[Dereck1701]

If its not transmitting the data to the internet, and doesn't have the capacity to store video/audio streams itself its not "recording". That said any device with a video/audio input should have hardware based light indicating if that capability is powered or not. No form of software updating/hacking should be able to disable that functionality.

Re:FUD at least sort of.

[Daetrin]

#1 It's a spokesman for Nest saying that it isn't transmitting when you think you've turned it off.

#2 If the device is already hardwired to allow it to shut down the LED without shutting down the camera then it's only one software update/hack away from transmitting while it appears to be off. (Assuming that such a "feature" hasn't already been included and is just waiting for a signal to activate.)

I don't think i tend towards excessive paranoia, but having a camera attached to the internet with a power switch which doesn't actually power it down seems a bit sketchy to me. Even if Nest/Google the corporation has fully honorable intentions the situation still seems liable to potential abuse.

flawed "research"

[lophophore]

30 mA will light most modern LEDs screaming bright. Or very bright, at least.

Deciding that the camera is not uploading images to the cloud based on power consumption is like deciding that water is wet by looking at clouds... I did not see any mention of ethernet packet capture in TFA. You want to see if the thing is uploading? show me some captured packets.

The argument is specious at best. It is a wireless camera, administered over an internet connection. In "power down" mode it still needs a way to be powered back on -- so it needs to keep its microprocessor and wifi radio on.

The researcher says that power down mode should reduce current by 10-100 times. Let's see. 1/10 of the 322 mA cited for 360p "video record -- no motion" would be 32 mA. I'm gonna go out on a limb here and say you cannot run a microprocessor and wifi radio at that power level. And the 1/100th? 3.2 mA? NFW.

TFA is a troll, perhaps by a shill. it is a crock of shit, and it stinks.

Crappy engineering

[FrankSchwab]

So, to have an IOT thermostat I have to give it around 350 ma @ 5 v (over 1.5 watts) 24 hours a day, 7 days a week? That's roughly 13 kWh over the space of a year.

It must be nice to design devices where someone else has to pay for the sloppy engineering.

/frank

Trust

[gurps_npc]

We all know we can trust google (owner of Nest) to:

1) Respect our privacy

2) Ignore/Fight NSA warrants to let them use the Nest to look into your home with the light turned off.

3) Write perfect code so that crackers/hackers will never get in and play with it.

On second thought, these things should be sold with camera covers.

Re:Reasons why I don't like the Internet of Things

[JaredOfEuropa]

I'm a fan of home automation (a hobby of mine that's increasingly turning into a business). I, and many fellow HA enthusiasts, are firm proponents of the LAN of Things, or even a Separate Network - Controlled By a Hub That is Only Allowed To Connect To the Internet Under Strict Conditions - Of Things. There are plenty of useful ways to automate your home (no, nothing essential or life-changing, but sometimes very convenient), but very little of that requires data to leave the house. And when it does, it should only happen on your own terms. And cameras? The ones around my house have their power cut off externally when we're home, and show a light when they are on (a separate dumb LED on the same power supply). No use taking any chances there.

Re:FUD at least sort of.

[MobileTatsu-NJG]

So whether its camera is all the way off or in warm standby isn't very relevant to privacy if no information is being sent out.

How do we know it's not storing images to transmit once the go-button is pushed again?

Re:Reasons why I don't like the Internet of Things

[Ol+Olsoc]

I'm a fan of home automation (a hobby of mine that's increasingly turning into a business). I, and many fellow HA enthusiasts, are firm proponents of the LAN of Things, or even a Separate Network - Controlled By a Hub That is Only Allowed To Connect To the Internet Under Strict Conditions

Like over my cold dead body?

Would you give a warrantee tghat my Washing machine or toaster or heating system will never ever be hacked?

I love technology, a lot more than many slash dotters do.

But nothing has ever been put out to be attached to the interwebz has ever been secure.

And at the tender mercies of people like this:

http://specialreports.dailydot...

There are people out there who fuck with people just because they can - and I'm supposed to give them control of my furnace when I'm on vacation in the winter? Shut that sucker off, pipes break, and they have destroyed my house.

I don't want to have daily mandatory security updates for my refrigerator, or run the risk of some misanthropic sociopath will turn it off for the Lulz. Maybe I pissed off some Slashdotter, so it's time to burst the pipes. Or do you LoT masterminds have insurance against that sort of thing?

Re: non-story

Wifi should be completely off.

You are saying that a wireless product whose main functionality is "you can turn it on and off from the internet" should turn its wifi completely off when it is turned off (from the internet). I'm not a hardware engineer, but there my be some problems with that approach that are not completely trivial to solve.