Google’s Nest Cam bug lets hackers hijack the camera

A surplus of vulnerabilities has been found on Google’s Nest Cam IQ Indoor, which could lead to hackers being able to watch people through the lens. A cyber-attack on the intelligent security camera could also mean that the device stops working and as well as create access to the owner’s home system.

The camera is thought to hold the highest level of security created by Google, however, researchers Lilith Wyatt and Claudio Bozzato of intelligence threat group, Cisco Talos, found 8 vulnerabilities on the machinery.

What’s more worrying is that features on the camera had extra security enhancements put on them. These features include Linux in Android, facial recognition and Google Assistant. This means that if hackers can crack the high security used on these features, they can also hack less protected cameras too.

The location of the problem

The vulnerabilities that were discovered by Wyatt and Bozzato were found in the Wave protocol of the 4620002 version of the camera. This section is designed to be used for the Internet of Things communication.

“It [Nest Cam IQ Indoor] primarily uses the Weave protocol for setup and initial communications with other Nest devices over TCP, UDP, Bluetooth, and 6lowpan,” Say Wyatt and Bozzato. They continued,  “It is important to note that while the weave-tool binary also lives on the camera and is vulnerable, it is not normally exploitable as it requires a local attack vector (i.e. an attacker-controlled file) and the vulnerable commands are never directly run by the camera.”

Part of the problems found includes code execution, informal leaks, and denial of service problems.

Fixing the issue

Google told the IT news website, ZDNet, that they have fixed the problem and that those with the camera do not have to take any action.

“We’ve fixed the disclosed bugs and started rolling them out to all Nest Camera IQs. The devices will update automatically so there’s no action required from users.” A Google spokesperson said.