Security hole lets burglars knock out your smart home camera

Nest cameras could be vulnerable to Bluetooth-based attacks.
By Brett Williams

Smart home systems are supposed to make our lives easier and safer -- but some of the most popular connected security cameras could make your place an easy target if your neighborhood is visited by a tech-savvy burgling crew.

Security researcher Jason Doyle recently published a set of three vulnerabilities he found in Google's Nest cameras. The flaws, which take advantage of the camera system's always-on Bluetooth, allow anyone within the devices' Bluetooth Low Energy (BLE) range to overwhelm them and shut them down.

Doyle claims he reported the flaws to Google back in October when he first found them, but the company has yet to offer any updates to fix the issues. He decided to go public with the information last week to inform Nest users of their potential vulnerability.

Models affected by the vulnerabilities include the Dropcam, Dropcam Pro, Nest Cam Outdoor and Nest Cam Indoor running version 5.2.1 of Nest's firmware.

The first two flaws can be exploited by sending the camera an overlong Wi-Fi SSID parameter or an encrypted password parameter. This triggers a buffer overflow condition, which causes the cameras to stop recording, crash and reboot.
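A bounds-checked parser of the kind that prevents this class of overflow, shown as an added example and not code from Nest or from Doyle's report. The wire format, the function names and the 64-byte password cap are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SSID_MAX 32 /* 802.11 caps an SSID at 32 octets */
#define PSK_MAX  64 /* assumed cap for the password field */
enum { CFG_OK = 0, CFG_TRUNCATED = -1, CFG_TOO_LONG = -2, CFG_EMPTY_SSID = -3 };

struct wifi_config {
    uint8_t ssid[SSID_MAX]; size_t ssid_len;
    uint8_t psk[PSK_MAX];   size_t psk_len;
};

/* Copy one length-prefixed field out of msg, refusing anything that would
 * not fit in dst or that claims more bytes than were actually received. */
static int read_field(const uint8_t *msg, size_t msg_len, size_t *off,
                      uint8_t *dst, size_t dst_cap, size_t *out_len)
{
    if (*off >= msg_len) return CFG_TRUNCATED;
    size_t n = msg[(*off)++];
    if (n > dst_cap) return CFG_TOO_LONG;         /* without this, memcpy overruns dst */
    if (n > msg_len - *off) return CFG_TRUNCATED; /* without this, memcpy over-reads msg */
    memcpy(dst, msg + *off, n);
    *off += n;
    *out_len = n;
    return CFG_OK;
}

/* Hypothetical wire format: [ssid_len][ssid][psk_len][psk].
 * *out is written only when the whole message validates. */
int parse_wifi_config(const uint8_t *msg, size_t msg_len, struct wifi_config *out)
{
    struct wifi_config tmp = { {0}, 0, {0}, 0 };
    size_t off = 0;
    int rc = read_field(msg, msg_len, &off, tmp.ssid, SSID_MAX, &tmp.ssid_len);
    if (rc != CFG_OK) return rc;
    if (tmp.ssid_len == 0) return CFG_EMPTY_SSID;
    rc = read_field(msg, msg_len, &off, tmp.psk, PSK_MAX, &tmp.psk_len);
    if (rc != CFG_OK) return rc;
    *out = tmp;
    return CFG_OK;
}

int main(void)
{
    /* Constructed input: claims a 200-byte SSID, far past SSID_MAX. */
    uint8_t overlong[201] = { 200 };
    struct wifi_config cfg = { {0}, 0, {0}, 0 };
    return parse_wifi_config(overlong, sizeof overlong, &cfg) == CFG_TOO_LONG ? 0 : 1;
}
```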

The third flaw is a bit different: it knocks the camera from its connected Wi-Fi network entirely. Attackers can bombard the camera with a new SSID to connect to, which knocks it off its network as it attempts to join the new one. The process takes about 90 seconds before the original Wi-Fi connection resets -- but if the attack is repeated on a loop, the security system is rendered useless.


Doyle told us these flaws aren't all that rare in the smart products that are coming to our homes as the Internet of Things (IoT) grows and evolves. "I've recently been interested in how IoT products were implementing the newer Bluetooth LE specification," he said via email. "I tested several home automation products, from cloud cameras like Google's Nest Cam to Bluetooth-enabled pressure cookers; and my results were a bit disconcerting."

He said some connected home products that use Bluetooth don't have much to offer in the security department at all -- but the Nest isn't the worst of them. "The Nest cam does have some well-thought-out security measures in place but their implementation obviously had a few shortcomings," he said. 

Doyle also stressed that leaving Bluetooth on isn't the issue at hand here -- but it's important that makers of these connected devices lock those systems down.

"While leaving it on has functional advantages it also increases the attack surface and presents more options to an attacker," he said. "If they need it for some other integrations then it makes sense as long as they do their due diligence in securing the implementation."

A Nest rep acknowledged the existence of the flaws to us via email, but assured us a patch is on the way. "Nest is aware of this issue, developed a fix for it, and will roll it out to customers in the coming days," they said.

Until then, Nest owners would be smart to depend on the sturdiest old-school security systems their homes have to offer: a strong set of locks.

Brett Williams

Brett Williams is a Tech Reporter at Mashable. He writes about tech news, trends and other tangentially related topics with a particular interest in wearables and exercise tech. Prior to Mashable, he wrote for Inked Magazine and Thrillist. Brett's work has also appeared on Fusion and AskMen, to name a few. You can follow Brett on Twitter @bdwilliams910.
