Burglars Can Easily Make Google Nest Security Cameras Stop Recording

Orome1 quotes a report from Help Net Security: Google Nest's Dropcam, Dropcam Pro, Nest Cam Outdoor and Nest Cam Indoor security cameras can be easily disabled by an attacker that's in their Bluetooth range. The vulnerabilities are present in the latest firmware version running on the devices (v5.2.1). They were discovered by researcher Jason Doyle last fall, and their existence responsibly disclosed to Google, but have still not been patched. The first two flaws can be triggered and lead to a buffer overflow condition if the attacker sends to the camera a too-long Wi-Fi SSID parameter or a long encrypted password parameter, respectively. Triggering one of these flaws will make the devices crash and reboot. The third flaw is a bit more serious, as it allows the attacker to force the camera to temporarily disconnect from the wireless network to which it is connected by supplying it a new SSID to connect to. If that particular SSID does not exist, the camera drops its attempt to associate with it and return to the original Wi-Fi network, but the whole process can last from 60 to 90 seconds, during which the camera won't be recording. Nest has apparently already prepared a patch but hasn't pushed it out yet. (It should be rolling out "in the coming days.")

Nothing to worry about

[JaredOfEuropa]

Judging from footage, burglars seem to fall into two categories: the amateur criminals of opportunity who simply smash a window and make off with whatever they can get, or fail comically. And the more professional burglars who take a few very simple precautions, come in wearing hoodies and gloves, and leave in minutes. They are professional in the sense that they know how to enter a home quickly without making too much noise, spot homes where the owners are absent and the take is likely to be high, and know which valuables to grab and where they are usually "hidden". But they certainly do not employ any sophisticated methods to bypass alarms or defeat security cameras. They simply skip homes with alarms or ignore their presence depending on how long they are expecting to hang around, and make sure they cannot be recognized with the aforementioned hoodies.

And over here, most burglars don't give a rat's arse about being caught: sentences are low, there's little additional punishment for repeat offenders (the other day they caught a burglar with 33 prior convictions, think he's going to reform much?), and if the police actually do turn up the heat a bit too much for comfort, one simply relocates to the next EU country.