A NUMBER OF FLAWS in Google's Nest Cam IQ could enable hackers to take control of a vulnerable device.
That's according to researchers at Cisco Talos, who claim to have uncovered eight flaws: three denial-of-service (DoS) vulnerabilities, two code-execution bugs, and three that could be used for information disclosure.
This is the latest string of security flaws to be found in Nest Cams over the years, although Google has been quick to patch this latest batch after the researchers notified the company about their findings before going public.
According to the researchers, the Weave Protocol in version 4620002 of the Nest Cam IQ Indoor camera was vulnerable to some of the newly-disclosed bugs. "Most of these vulnerabilities lie in the weave binary of the camera; however, there are some that also apply to the weave-tool binary," the researchers explained in a write-up.
The two most severe bugs are CVE-2019-5035 and CVE-2019-5040 - holding CVSS ratings of 9.0 and 8.5, respectively.
CVE-2019-5035 is a brute-force information disclosure vulnerability existing in the Weave PASE pairing functionality of the Nest camera. It enables an attacker to brute-force a pairing code by sending a set of specially crafted weave packets. Eventually, it allows the attacker to gain greater access to Weave and full control of the device.
CVE-2019-5040 is another information disclosure bug existing in the Weave MessageLayer parsing of version 4.0.2 of Openweave-core. An attacker can trigger this vulnerability by using specially crafted packets to cause an integer overflow.
The less critical vulnerabilities discovered by the researchers are CVE-2019-5043, CVE-2019-5034, CVE-2019-5036, CVE-2019-5037, CVE-2019-5038, and CVE-2019-5039, which are rated 7.5 and below on the CVSS scale.
CVE-2019-5043 is a DoS vulnerability. It exists in the Nest IQ's Weave daemon and can be triggered by repeated TCP connection attempts. It eventually results in unlimited resource allocation and a system crash.
CVE-2019-5034 is a Weave legacy pairing vulnerability that could be used to leak information.
CVE-2019-5036 is a Weave KeyError DoS vulnerability, which exists in the Weave error reporting functionality of the device.
CVE-2019-5037 is another DoS vulnerability that lies in the Weave certificate loading functionality of the camera. It can be triggered by sending a specially crafted weave packet, which causes an integer overflow and eventually a denial of service.