Hackers can crash Google’s Nest Dropcams by exploiting Bluetooth flaws

Last year Google found some critical security flaws in Microsoft’s Edge browser and urged the company to fix these flaws within nine months but Microsoft acted otherwise, and the browser is still vulnerable to cyber attacks. In return, Google security researchers published some aspects regarding the flaws to give a glimpse into their findings. Fair enough.

But when it comes to securing its own product, it looks like Google is as lazy as Microsoft. A security researcher Jason Doyle discovered critical vulnerabilities in Nest Lab’s Dropcams allowing attackers to crash the cameras and block them from recording videos. The flaws exist in the camera firmware version 5.2.1.

Nest Labs which was acquired by Alphabet Inc. (Google) for $3.2 billion in January 2014, specializes in products like Learning Thermostat, Smoke+CO Alarm, Indoor Cam and Outdoor Cam. In this case, its Dropcam and Dropcam Pro are vulnerable to attacks which can be exploited to crash the cameras using their Bluetooth feature, creating a perfect situation for thieves and burglars to carry out their illegal activities without getting caught.

Softpedia reports that Doyle alerted Google about the vulnerability back in October 2016. However, no software update or patch was issued by the company. Google’s lazy attitude forced Doyle to publish his findings on GitHub, according to which there are three vulnerabilities including 1: Bluetooth (BLE) based Buffer Overflow via SSID parameter, 2: Bluetooth (BLE) based Buffer Overflow via Encrypted Password parameter and 3: Bluetooth (BLE) based Wifi Reassociation.

In Bluetooth (BLE) based Buffer Overflow via SSID parameter, an attacker can temporarily disconnect the targeted camera from Wifi and disable it from recording videos. However, the attacker has to be within the Bluetooth range.

In the Bluetooth (BLE) based Buffer Overflow via Encrypted Password parameter flaw, an attacker can crash and stop the targeted camera from the recording by triggering a buffer overflow condition when setting the encrypted password parameter on the camera.

In the Bluetooth (BLE) based Wifi Reassociation flaw, an attacker can disconnect the targeted camera from a connected network by issuing a new SSID, but since the video’s local storage is not supported by Nest Lab’s cameras they try to reconnect with the original network, however, the whole process takes a few minutes, during which the recording video feature is disable.

Since the researcher has publicly published his findings, it’s time for Google to issue a patch without further delay. The Register claims Google is about to do exactly it in coming days.

DDoS attacks are increasing, calculate the cost and probability of a DDoS attack on your business with this DDoS Downtime Cost Calculator.

Related Posts