Burglars Can Easily Make Google Nest Security Cameras Stop Recording (helpnetsecurity.com)

← Back to Stories (view on slashdot.org)

Burglars Can Easily Make Google Nest Security Cameras Stop Recording (helpnetsecurity.com)

Posted by BeauHD on Tuesday March 21, 2017 @10:40AM from the hit-close-to-home dept.

Orome1 quotes a report from Help Net Security: Google Nest's Dropcam, Dropcam Pro, Nest Cam Outdoor and Nest Cam Indoor security cameras can be easily disabled by an attacker that's in their Bluetooth range. The vulnerabilities are present in the latest firmware version running on the devices (v5.2.1). They were discovered by researcher Jason Doyle last fall, and their existence responsibly disclosed to Google, but have still not been patched. The first two flaws can be triggered and lead to a buffer overflow condition if the attacker sends to the camera a too-long Wi-Fi SSID parameter or a long encrypted password parameter, respectively. Triggering one of these flaws will make the devices crash and reboot. The third flaw is a bit more serious, as it allows the attacker to force the camera to temporarily disconnect from the wireless network to which it is connected by supplying it a new SSID to connect to. If that particular SSID does not exist, the camera drops its attempt to associate with it and return to the original Wi-Fi network, but the whole process can last from 60 to 90 seconds, during which the camera won't be recording. Nest has apparently already prepared a patch but hasn't pushed it out yet. (It should be rolling out "in the coming days.")

45 of 71 comments (clear)

Min score:

Reason:

Sort:

By smashing them by WolfgangVL · 2017-03-21 10:47 · Score: 4, Insightful

with the same blunt instrument they used to break in your windows/doors.

--
You are being ripped off every second of every day, so that advertisers can help rip you off even more tomorrow.
1. Re: By smashing them by slazzy · 2017-03-21 12:51 · Score: 2
  
  Or covering their faces -makes them pretty much pointless. Personally I hide all my cameras quite well so they're not noticeable. I've caught some copulation in my side yard, no breakins however.
  
  --
  Website Just Down For Me? Find out
2. Re: By smashing them by Ol+Olsoc · 2017-03-21 14:54 · Score: 1
  
  Or covering their faces -makes them pretty much pointless. Personally I hide all my cameras quite well so they're not noticeable. I've caught some copulation in my side yard, no breakins however.
  Damn racoons anyhow!
  
  --
  The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
3. Re: By smashing them by slazzy · 2017-03-21 16:37 · Score: 1
  
  Deer actually :)
  
  --
  Website Just Down For Me? Find out
4. Re: By smashing them by davester666 · 2017-03-21 18:59 · Score: 2
  
  or you can just overload/jam the wifi network, or have a router that broadcasts with a more powerful signal, or cut the cable/telephone lines going into the building...
  Using Wireless devices for home security is...stupid. You at least have to run a wire to avoid the most basic attack, loss of a network connection.
  
  --
  Sleep your way to a whiter smile...date a dentist!
5. Re:By smashing them by No+Longer+an+AC · 2017-03-22 01:16 · Score: 1
  
  If someone walks up to one of my windows and smashes it, there's a very good chance that one of my neighbors will hear it (one advantage of not having a huge property out of earshot of the neighbors). There's also a good chance I will hear it.
  My front door is not impenetrable but I'm certainly not going to make it vulnerable to yet another attack vector.
  I would hear someone taking a crowbar to it. I probably wouldn't hear someone unlocking it with an app.....but I see I've gotten off topic here. This is about security cameras not locks on doors or even the smashability of windows.
  Is your point that since we can't protect ourselves from every potential threat that we shouldn't bother protecting ourselves from any threat?
  But we're talking about security cameras. As I see it, cameras serve two purposes. As a deterrent and if that doesn't work potentially apprehending the culprit after the fact. If they can disable your cameras, neither of those are going to be effective and you've wasted your money.
  I still lock my doors despite my windows being very smashable.
6. Re:By smashing them by WolfgangVL · 2017-03-22 05:09 · Score: 1
  
  Is your point that since we can't protect ourselves from every potential threat that we shouldn't bother protecting ourselves from any threat?
  Oh! Thank you for asking!
  If the heading was to read...
  Burglars Can Easily Make windows and doors stop being closed.
  And my comment was to read "With the same blunt instrument used to smash your stupid Nest thermostat"
  Would my point be clearer?
  
  --
  You are being ripped off every second of every day, so that advertisers can help rip you off even more tomorrow.
Impressive work. by fuzzyfuzzyfungus · 2017-03-21 10:47 · Score: 4, Insightful

Aside from the egregious delay in fixing these things; does anyone else get a very, very, bad feeling about the expected quality of the firmware when 'supply a string longer than a normal user would type' is a successful attack?

If you aren't sanitizing your inputs against that one; what are you sanitizing?
1. Re:Impressive work. by 50000BTU_barbecue · 2017-03-21 11:56 · Score: 2
  
  Modern software is a joke. I'll bet that code to accept that input in the first place runs into the megabytes.
  
  --
  Mostly random stuff.
Smart Burglars by youngone · 2017-03-21 10:49 · Score: 1

I my (limited) experience of burglars, they are way too stupid to know what an SSID is, let alone how to send one to a wireless camera.
Having said that, it is probably not the common or garden variety burglar taking advantage of this kind of bug.
1. Re:Smart Burglars by Baron_Yam · 2017-03-21 10:55 · Score: 3, Interesting
  
  But if you could package this attack into a smartphone app and sell it to a burglar... they wouldn't have to be all that bright, would they?
  You know the first way an experienced burglar used to check a house prior to encrypted radio being common? They broke in the back door then left to listen to their scanner for alarm company or police dispatch radio traffic.
  If somebody else packages up the tools, they're quite capable of using them.
2. Re:Smart Burglars by Baron_Yam · 2017-03-21 11:28 · Score: 2
  
  That's mostly movie stuff, and most of that cabling is underground (at least any place I've seen built in the last 40 years or so).
  I suppose you could go all Hollywood and get a fake maintenance vans and uniforms and disconnect the house from the local nodes... (you know, after learning how to trace the lines or figuring out the local telco/cable company labeling system) but these days you have to do phone, cable, power, plus jam wireless signals.
  Nobody's doing that for what they'd score from the average home. Simple smash-and-grab is where it's at. The real thieves are con artists who convince you to hand over your money willingly.
3. Re:Smart Burglars by Anonymous Coward · 2017-03-21 11:41 · Score: 1
  
  While the cabling might be mostly underground, most main breaker switches are outside your house on the box where the main comes up from underground. Fire codes require this so the fire department can shut off electricity to your house.
  Also the cable and telephone boxes are located outside either on your house or at a common location for multiple houses.
  It is trivial to rob a house anyway. You won't stop a dedicated thief. Buy insurance instead.
4. Re:Smart Burglars by E-Rock · 2017-03-21 12:01 · Score: 1
  
  Even inexpensive home alarm kits have batteries and cellular now.
5. Re:Smart Burglars by bool2 · 2017-03-21 20:44 · Score: 1
  
  "you know, after learning how to trace the lines or figuring out the local telco/cable company labeling system)"
  Or you could do what they used to do around our way... go to the local distribution cabinet and cut all of the wires. No tracing required!
6. Re:Smart Burglars by parkinglot777 · 2017-03-22 00:45 · Score: 1
  
  But if you could package this attack into a smartphone app and sell it to a burglar... they wouldn't have to be all that bright, would they?
  It is not that simple... I can easily counter your statement using simple logics.
  If you were the app developer, then you would know that you have to live in the dark world all the time; besides, you must have very good knowledge of being rogue. If you don't, you can be caught and sued (and could go to jail for this activity). Besides, this type of vulnerability could be found and patched in a short period of time, which in turn renders the app useless for patched devices. Then you would have to update the app which may work a little longer. If you don't update your app, then your reputation will go way down and you won't be able to sell anything later. The buyers also have to be knowledgeable enough to know where to get your app for installation.
  To me, at the current time, no experienced hacker would care to do it because of selling/up keeping the app just for measly revenues. In other words, it is not worth the effort...
Nothing to worry about by JaredOfEuropa · 2017-03-21 10:53 · Score: 4, Informative

Judging from footage, burglars seem to fall into two categories: the amateur criminals of opportunity who simply smash a window and make off with whatever they can get, or fail comically. And the more professional burglars who take a few very simple precautions, come in wearing hoodies and gloves, and leave in minutes. They are professional in the sense that they know how to enter a home quickly without making too much noise, spot homes where the owners are absent and the take is likely to be high, and know which valuables to grab and where they are usually "hidden". But they certainly do not employ any sophisticated methods to bypass alarms or defeat security cameras. They simply skip homes with alarms or ignore their presence depending on how long they are expecting to hang around, and make sure they cannot be recognized with the aforementioned hoodies.

And over here, most burglars don't give a rat's arse about being caught: sentences are low, there's little additional punishment for repeat offenders (the other day they caught a burglar with 33 prior convictions, think he's going to reform much?), and if the police actually do turn up the heat a bit too much for comfort, one simply relocates to the next EU country.

--
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
1. Re:Nothing to worry about by JustNiz · 2017-03-21 11:08 · Score: 1
  
  It seems to be the same in the the USA (Arizona at least). The police seem to view burglary as an unavoidable fact of life, and burglars seem to never get caught and even if they are, hardly prosecuted (presumably because most of them are actually druggies that just need to steal something to sell, in order to get their next fix).
  In many cases the cops won't even make an effort to come out even if your alarm is going off, especially if they think your insurance will cover it,
2. Re:Nothing to worry about by youngone · 2017-03-21 11:26 · Score: 2
  
  I think that must be common. I don't live in the US but we have the same attitude from the Police, from what I gather.
  Fun fact: Years ands years ago my flatmate (room mate) caught a burglar climbing in our window. He beat the guy so badly the Police had to take him to hospital for treatment before charging him.
  The burglar yelled about having my flatmate charged with assault, so the cops threatened to charge with every burglary in our area that month. Turns out there were more than 150, they had solved none of them.
  My flatmate was not too worried about being charged with anything, his Father was a QC (extremely senior lawyer) there was no way he was winding up in court.
3. Re:Nothing to worry about by timholman · 2017-03-21 11:34 · Score: 2
  
  It seems to be the same in the the USA (Arizona at least). The police seem to view burglary as an unavoidable fact of life, and burglars seem to never get caught and even if they are, hardly prosecuted (presumably because most of them are actually druggies that just need to steal something to sell, in order to get their next fix).
  It's the same in every medium to large city in the entire U.S. Past a certain population size, the police cease to treat property crime as a crime anymore. Burglars have broken into homes in my neighborhood and taken thousands of dollars worth of items, and the police only show up long enough to give the homeowner a report to file with his insurance company. Your stuff is gone, and you'll never see it again. There are well-known serial burglars (generally vagrants and druggies) wandering around my neighborhood who have been arrested dozens of times, and residents are helpless to stop them. Their descriptions and names are common knowledge - nothing is done. They know that as long as they don't assault a resident or use a weapon, they are untouchable. It is a constant source of frustrated discussion on the neighborhood Nextdoor site.
  But the problem with tolerating property crime as part of the "cost of living" is that occasionally it leads to something far worse. Case in point: about three weeks ago, a woman living in a recently gentrified neighborhood was stabbed to death by a homeless guy when she woke up to find him burglarizing her condo (she had forgotten to lock her door). Security footage showed the guy looking for unlocked car doors along the street, and then trying out doors in the condo complex. A police precinct station was less than half a mile away, but it might as well have been 50 miles away as far as police patrols were concerned.
4. Re:Nothing to worry about by JustNiz · 2017-03-21 11:47 · Score: 2
  
  Yeah. If you live in a state that hasn't already taken your 2nd amendment rights away, Its definitely worth being properly prepared (both informed and equipped) to handle such incidents.
  The reality is that you may only have seconds to defend yourself. Expecting the Police to always be there to defend you is naive at best.
5. Re:Nothing to worry about by JustNiz · 2017-03-21 14:04 · Score: 1
  
  Thats awesome, both because he taught that parasite a lesson he won't soon forget, and because they didn't arrest your flatmate.
  In states that respect freedom like here in AZ, we can pretty much just shoot the fuckers like the vermin they are, but in liberal states like Californistan, if you defend yourself or your property there's a more than equal chance that it will actually be you not the burglar that will be arrested/punished.
  BTW I'm guessing you must be a Brit like me (originally at least) since you mentioned "QC".
6. Re:Nothing to worry about by youngone · 2017-03-21 14:59 · Score: 1
  
  No, New Zealand, so yes, Britain but with better weather.
  I have no doubt the burglar learnt no lessons at all, he was a career criminal, and is probably in jail right now.
7. Re:Nothing to worry about by Anonymous Coward · 2017-03-21 23:47 · Score: 1
  
  Posting anon for obvious reasons.
  Around here (South Africa) the danger is never from criminals who break in when the owners are absent, the danger is from criminals who break in when the owners are asleep. They do this specifically because there is more money to be made from squeezing the homeowner for their bank card, login details, etc and cleaning out the account. The family living in the home frequently do not survive this process.
  They can do this because police, when requested, have an average response time of 2 hours. So even if the homeowner has pretty good security (electric fencing, bars on windows and doors), the invaders simply take their time getting through even as the occupants watch in horror as they know that the cops, when called, are still over an hour or more away.
  Add to this the Govt policy that firearms are evil and upon taking power disarmed almost all citizens, and you have a recipe for disaster. They haven't yet outlawed crossbows (yet) and so that's what I used when those five armed fuckers spent 13 minutes (after being told that the cops were on the way) simply walking around the house. They then pulled out some battery operated grinder and started removing bars while we watched them from inside.
  I shot the guy grinding the bars with the crossbow (broadhead) before they got the message. They fired back while I reloaded under cover, and then ran off before I could take a second shot (crossbows take ages to reload!).
  Want to see where liberalism ends? Come to South Africa. I hear that Venezuela is pretty similar, with the same policies. Once the economy gets fucked with more welfare recipients than taxpayers, everyone turns to crime. There's a reason that most homeowners have a private security firm as the first responder for emergencies.
8. Re:Nothing to worry about by pnutjam · 2017-03-22 01:56 · Score: 1
  
  Alot of this is tied to substance abuse or other desperation, if only there were some source of assistance or legal inexpensive way to get your fix.
  
  --
  Cheap storage VM.
9. Re:Nothing to worry about by pnutjam · 2017-03-22 02:03 · Score: 2
  
  Sure, welfare spending is the problem, not rampant corruption.
  
  --
  Cheap storage VM.
10. Re:Nothing to worry about by JustNiz · 2017-03-22 05:35 · Score: 2
  
  At least here in AZ there are already plenty of methadone clinics and other free (paid for by the government) programs for drug users trying to get clean.
  I suspect the real problem is that most of them have zero self-control and/or don't actually want to change.
11. Re:Nothing to worry about by JustNiz · 2017-03-22 05:38 · Score: 1
  
  At least he's locked up and probably getting much man love from Bubba.
12. Re:Nothing to worry about by pnutjam · 2017-03-22 23:21 · Score: 2
  
  I know I shouldn't feed trolls, but having someone yell insults from the short bus is irritating. I can understand that without the brainpower to metephorically turn on an LED, it might seem like South Africa is a failed socialist state, especially if you rabidly consume the alt-right dogma.
  However, it might be that there is more to the story.
  A history of colonialism, apartheid, restricted access to education and all the other shit that South Africa has dealt with... This makes for a poorly prepared electorate and tends to allow dysfunction and corruption.
  But I guess that doesn't play as well to your base.
  
  --
  Cheap storage VM.
13. Re:Nothing to worry about by pnutjam · 2017-03-22 23:32 · Score: 1
  
  Do you know how much Methdone costs? Do you think these treatments are well covered in our current system? They are not.
  
  --
  Cheap storage VM.
14. Re:Nothing to worry about by JustNiz · 2017-03-23 04:10 · Score: 1
  
  At least here in AZ, you have to offend and be caught first for it to be free, since (especially with a first offence) the court usually gives you the option to attend (affordable/free) treatment in lieu of punishment.
Cut the power by DatbeDank · 2017-03-21 11:18 · Score: 1

Or they could just as easily cut the power to the house. Who here actually remembers to put their home alarms on a UPS?
1. Re:Cut the power by Michael+Woodhams · 2017-03-21 11:35 · Score: 1
  
  How does a burglar without bulky tools quickly, safely and inconspicuously cut power to a house? Other than the occasional low hanging fruit (meter box, with mains switch, is on exterior of the house) I can't think of a way, but IANAB, so maybe ways exist.
  
  --
  Quattuor res in hoc mundo sanctae sunt: libri, liberi, libertas et liberalitas.
2. Re:Cut the power by Nonesuch · 2017-03-21 12:00 · Score: 1
  
  Or they could just as easily cut the power to the house. Who here actually remembers to put their home alarms on a UPS?
  Higher end home alarms (systems which are installed by a technician, and monitored by a central station) include a hefty lead-acid backup battery good for at least half a day, and often with immediate reporting to both the panel and monitoring station when the alarm switches to battery power, and also when battery charge runs low.
  
  --
  
  I do not deploy Linux. Ever.
3. Re:Cut the power by goose-incarnated · 2017-03-21 23:50 · Score: 1
  
  Or they could just as easily cut the power to the house. Who here actually remembers to put their home alarms on a UPS?
  Mine came with the battery built in. The battery has recently lasted through an eight hour outage, so I've got no worries.
  
  --
  I'm a minority race. Save your vitriol for white people.
4. Re:Cut the power by pnutjam · 2017-03-22 02:52 · Score: 1
  
  In many houses, there is a switch right under the power meter. Years ago, someone flipped mine and I couldn't figure out what happened until the power company guy came out.
  
  --
  Cheap storage VM.
Uh... by XSportSeeker · 2017-03-21 11:24 · Score: 1

Burglars couldn't care less about your Bluetooth vulnerabilities when they can use a mask and be quick about it. :P
Wireless by silas_moeckel · 2017-03-21 11:27 · Score: 4, Interesting

Because a burglar would never use a cheap RF jammer they can get for 50 bucks. If your security relies on wireless continuing to function it's broken by design.

--
No sir I dont like it.
1. Re:Wireless by Anonymous Coward · 2017-03-21 13:04 · Score: 1
  
  Because your average burglar's are smart enough to use RF jammers and bluetooth hack cameras.
  If one comes along that is smart enough to know how and where to use one, rather than pass your house to one that's more easily to burgle, then you're likely fucked no matter what security you have.
Slow News Day? by brian.stinar · 2017-03-21 12:26 · Score: 2

So what?
The crackhead that burgled one of my tenants did it with a vice grips after leaving their window open an a Macbook visible from the window. The bars weren't attached with security bolts (one way) but rather regular bolts (two ways.) That burglar didn't even bother bring a ratchet to make removing the bolts happen quicker. Do you think he's going to be able to make security cameras stop responding with his in-depth knowledge of the BlueTooth protocol and years of experience working cyber security at a National Laboratory? I don't. The other time my tenant was burgled they left a bicycle locked to a wooden structure, which was ripped apart with a chain tied to a truck. The other other time a different (not the same) tenant was burgled they left a GPS, binoculars, and some other valuable thing visible in their car. That burglar used a cinder block.
Don't leave your valuables visible when you're not around to back them up with your 2nd amendment rights.
Seriously, this entire posting is retarded. Try and keep a shotgun handy (no aiming!) a big dog, and friends/tenants/roommates around to keep the diversity of the city outside your domicile. Nest security cameras aren't going to do anything against the nondescript minority/white guy in a hoodie that's ready to throw the dice and jack your shit with a brick.
This is why Albuquerque can't have nice things, and Breaking Bad was filmed here.
Easier way. by Quarters · 2017-03-21 12:42 · Score: 1

Are they talking about these (https://nest.com/camera/meet-nest-cam-outdoor/)? The exterior security cameras with very long and noticeable power cords? Screw Bluetooth hacks, just walk obliquely up to it and unplug the darned thing.
Probably many others too. by antdude · 2017-03-21 12:56 · Score: 1

Like Netgear Arlo. :/

--
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
Surfing through the camera by AndyKron · 2017-03-21 13:08 · Score: 1

Some years ago I was in a hotel, and the WiFI was very slow. I went to the front office to find out what I was doing wrong. I found out I was surfing the Internet through a security camera!
Dog stuff by Latent+Heat · 2017-03-21 14:39 · Score: 1

What about the neighbors who drop their dog waste in your can, after garbage pickup and before you return home from work, that you have to store that dog waste in your garage until the next week? If it rained there is water in the bottom of the can in which the plastic baggie is swimming (we have robotic-arm collection trucks, and the lid is often open after a collection). Ewww!
That's the need for that Nest device.
Say no to unicode by Hognoxious · 2017-03-21 20:45 · Score: 1

Blame unicode. It needs to accept Bungobungian metarunes or the SJWs will complain that it's RAAAAASCIST.

--
Confucius say, "Find worm in apple - bad. Find half a worm - worse."