GOOGLE'S NEST line of security cameras has been found to have a flaw making them incredibly hackable in the wrong hands, and that means burglars in-situ.
The hack involves using Bluetooth LE to crash the cameras, thanks to a fault in firmware version 5.2.1. We understand that as yet there's no fix.
Security Researcher Jason Doyle fist spotted the problems last year and alerted Nest, but as of yet, the company has done nothing to fix the issue and so Doyle has decided to go public.
The hack requires no coding knowledge whatsoever, as it works by pinging overly long data to the camera which then crashes and reboots, giving the would be snafflers time to do their dodgy deeds.
It can also be triggered by trying to register it to another WiFi network that doesn't exist - long enough for it to stop sending recordings to the cloud.
Doyle has now issued proof of concept on GitHub, which is, in effect, a burglar's toolkit. Plenty of software exists on the web to detect the presence of Bluetooth LE devices in range, so targeting properties just by walking past should be a doddle.
The camera is offline for just 60-90 seconds, but this is ample for a smash and grab raid.
An explanation from Cesare Garlati, Chief Security Strategist at the prpl Foundation adds: "This is yet another case where security by separation at the hardware layer of the device would keep malicious actors from configuring the cameras for their own gain.
"Without it, lateral movement inside the device is possible because there is no trust established within the device to distinguish which elements have the trusted ability to control critical functions, like turning the device off - it is essentially a free for all if you know where to look. And clearly these guys do."
The problem comes from what seems like an obvious oversight - the Bluetooth LE feature is only really used during set-up. But once on, it's never switched off. Similar IoT devices from companies like Netatmo, for example, actually require the camera to be upside down(!) to trigger Bluetooth connection.
We have asked Nest to comment, but we understand that an "upcoming update" will address the problem.
We are also investigating how this will affect linked devices that "work with Nest" which are connected at the time of an attack or devices that are programmed with Android Things and Brillo, both of which share common code with Nest. µ
Firm says it needs 'more time before it's ready for customers'
Yes, its the triumphant return of our Alphabet clearing house
Move comes amid rumours it will provide modems for next year's iPhones
Mind game or mind f***?