Hackers can crash Google’s Nest Dropcams by exploiting Bluetooth flaws

March 22nd, 2017 | By Waqas | Security, Cyber Crime

Last year, Google found some critical security flaws in Microsoft’s Edge browser and urged the company to fix them within nine months, but Microsoft acted otherwise, and the browser is still vulnerable to cyber attacks. In return, Google security researchers published some details of the flaws to give a glimpse into their findings. Fair enough.

But when it comes to securing its own product, it looks like Google is as lazy as Microsoft. Security researcher Jason Doyle discovered critical vulnerabilities in Nest Labs’ Dropcams that allow attackers to crash the cameras and block them from recording video. The flaws exist in camera firmware version 5.2.1.

Nest Labs, which was acquired by Alphabet Inc. (Google) for $3.2 billion in January 2014, specializes in products like the Learning Thermostat, Smoke+CO Alarm, Indoor Cam and Outdoor Cam. In this case, its Dropcam and Dropcam Pro are vulnerable to attacks that crash the cameras through their Bluetooth feature, creating a perfect situation for thieves and burglars to carry out their illegal activities without getting caught.

Softpedia reports that Doyle alerted Google about the vulnerability back in October 2016. However, no software update or patch was issued by the company. Google’s lazy attitude forced Doyle to publish his findings on GitHub, according to which there are three vulnerabilities: (1) Bluetooth (BLE) based Buffer Overflow via SSID parameter, (2) Bluetooth (BLE) based Buffer Overflow via Encrypted Password parameter, and (3) Bluetooth (BLE) based Wifi Reassociation.


In the Bluetooth (BLE) based Buffer Overflow via SSID parameter flaw, an attacker can temporarily disconnect the targeted camera from Wifi and stop it from recording video. However, the attacker has to be within Bluetooth range.

In the Bluetooth (BLE) based Buffer Overflow via Encrypted Password parameter flaw, an attacker can crash the targeted camera and stop it from recording by triggering a buffer overflow condition when setting the encrypted password parameter on the camera.

In the Bluetooth (BLE) based Wifi Reassociation flaw, an attacker can disconnect the targeted camera from its connected network by issuing a new SSID. Since Nest Labs’ cameras do not support local video storage, they try to reconnect to the original network. However, the whole process takes a few minutes, during which the video recording feature is disabled.


Since the researcher has publicly published his findings, it’s time for Google to issue a patch without further delay. The Register claims Google is about to do exactly that in the coming days.


HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.
