There are many systems that exist today to make homes safer. They are supposed to make people’s lives easier and worry-free. Unfortunately, some of the best products in smart home devices are not foolproof.
For example, some security cameras can make a home an easy target for tech-savvy burglars in the neighborhood. Specifically, there are three vulnerabilities that can be found in cameras like Google’s Nest. These flaws mostly rely on the fact that these cameras playoff Bluetooth technology. Therefore, they have a greater range that can be overwhelmed and then shut down.
Jason Doyle of GitHub reported these flaws and more back in October of 2016, but Google has yet to fix these concerns with their cameras. Therefore, Doyle went public with the information in March of 2017 to inform people who use Nest of this vulnerability issue. Several of Google’s products are vulnerable to these issues, including the Dropcam, the Dropcam Pro, Nest Cam Outdoor, and Nest Cam Indoor, all of which operate on Nest’s firmware version 5.2.1.
The first two flaws can be subjugated by accessing the camera through Wi-Fi parameters. At the same time, the encrypted password parameters can be exploited. Both of these processes activate a buffer overflow condition, and this makes the cameras stop their recording to the point that they crash and have to reboot.
The final flaw is a bit different. The goal of tech-savvy burglars for this final vulnerability is to unhinge the camera from its Wi-Fi network completely. Then, the cameras can be reprogrammed to run off a new SSID that can be manipulated for a certain view. Then, burglars can easily find a way to the house once they are no longer being watched. How long does this process take? Surprising, replacing the SSID network only takes about 90 seconds. After this timeframe, the original Wi-Fi network connect will reset and re-enable itself. Therefore, either these burglars have learned how to work fast or they have learned to perform this action in a loop, which will then make the security system useless either way.
Surprisingly, these flaws are not as uncommon as they sound. They are also not restricted to Google’s security devices alone. Doyle has tested several home automation products against these protocols, and he found that many of the results were disconcerting. Doyle claims the products that make use of Bluetooth do not offer as much security as they seem to. However, he believes the Nest is the worst one of all. He states that some of these technologies do “have some well-thought-out security measures in place but their implementation obviously had a few shortcomings.” This statement is mostly made based on the fact that the Bluetooth aspects remain on for a long period.
The only way to make sure they do not fail a homeowner in the long run is to make sure the Bluetooth connectivity remains on lockdown as tightly as possible. Yes, leaving these systems on all of the time has some “functional advantages,” as Doyle calls them, but they also invite an attack that can be very tempting for most tech-savvy burglars.
The best word of advice that Doyle can give to people who use Google’s Nest and similar products is to depend on older security systems like CCTVs until this newer technology is ironed out a little more thoroughly. They are a great concept, but they still need some testing and adjusting before they are truly safe for homes.
By: Cary Teller