Nest Security Cameras Can Be Easily Blacked Out
Security researchers have figured out three different ways to disable Nest Security Cameras (Nest is part of Google). As of a few days ago, Google said they were working on patches and would push them out shortly. But it speaks to the more general problem of wireless security.
In the Nest situation, there are three vulnerabilities. The researcher, Jason Doyle, notified Google in October but there are still no fixes – 5 months later. If the bug had been found by Google’s own bug hunters in Project Zero, they would have started having a wall-eyed cat fit in January.
But it points to the lack of security in IoT in general, the challenge of getting companies to patch IoT bugs (there is no revenue after the initial sale) and later getting users to actually install the patches (I hope Nest automatically looks for and installs patches with no user involvement, but I don’t know).
The first bug is pretty simple. Get into Bluetooth range and ping the camera with an overly long Wi-Fi SSID parameter. This causes the camera to crash and reboot. While it is rebooting, you are clear to break in. Keep doing it and you could be clear for days.
The second bug is related. Send a long Wi-Fi password and the camera crashes and reboots also – same deal as above.
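The report does not give the root cause of the first two bugs, so the following is an added example, not Nest's code: a hypothetical setup handler (`set_wifi_cfg`, `struct wifi_cfg`) that rejects over-long SSID and password fields before copying them and leaves the current configuration untouched on failure. The length limits are the standard 802.11 SSID and WPA2 passphrase bounds.

```c
#include <stddef.h>
#include <string.h>

/* Limits from IEEE 802.11 / WPA2-Personal, not taken from Nest firmware. */
#define SSID_MAX 32   /* an SSID is at most 32 octets */
#define PSK_MIN  8    /* a passphrase is 8..63 printable ASCII characters */
#define PSK_MAX  63   /* (the 64-hex-digit raw key form is not handled here) */

enum cfg_status { CFG_OK = 0, CFG_BAD_SSID = -1, CFG_BAD_PSK = -2 };

struct wifi_cfg {                 /* hypothetical stored configuration */
    unsigned char ssid[SSID_MAX];
    size_t        ssid_len;
    char          psk[PSK_MAX + 1];
};

/* Check the sender-controlled lengths BEFORE touching the fixed buffers.
 * On any failure *out is not modified, so the device keeps its current
 * network settings instead of crashing and rebooting. */
enum cfg_status set_wifi_cfg(struct wifi_cfg *out,
                             const unsigned char *ssid, size_t ssid_len,
                             const char *psk, size_t psk_len)
{
    struct wifi_cfg tmp;
    size_t i;

    if (ssid == NULL || ssid_len == 0 || ssid_len > SSID_MAX)
        return CFG_BAD_SSID;
    if (psk == NULL || psk_len < PSK_MIN || psk_len > PSK_MAX)
        return CFG_BAD_PSK;
    for (i = 0; i < psk_len; i++)          /* printable ASCII only */
        if (psk[i] < 0x20 || psk[i] > 0x7e)
            return CFG_BAD_PSK;

    memset(&tmp, 0, sizeof tmp);
    memcpy(tmp.ssid, ssid, ssid_len);      /* bounded by the check above */
    tmp.ssid_len = ssid_len;
    memcpy(tmp.psk, psk, psk_len);         /* tmp.psk stays NUL-terminated */
    *out = tmp;                            /* commit only after all checks */
    return CFG_OK;
}
```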
The third bug can be exploited by telling the camera to connect to a new network. This causes it to disconnect from the current network (and stop recording). Since the new network is bogus, it will eventually reconnect to the old network, but in the meantime, it won’t record.
I have a variant to the last one. If the burglar brings a local Wi-Fi hotspot with him or her, the Nest, I would guess, would connect to it, but since that hotspot doesn’t have an Internet connection, it can’t transmit. In that case, it might not reconnect to the old network – I don’t know.
Since these cameras ASSUME that they always have an Internet connection, they don’t deal well with not having one.
While these attacks require the hacker to be in Bluetooth range, since they are trying to break into the house, that is likely not a problem.
Why Google doesn’t turn off Bluetooth after the camera is initially configured is not clear either.
This is just an example of the challenges of wireless camera systems. Another example would be to overpower the Wi-Fi connection to force the camera to connect to a rogue hotspot or no hotspot. There are lots of other attacks. Hard wired cameras are better – if the burglars can’t easily get to the wires to cut them.
Many alarm and camera systems use cellular connections to transmit alarms. While cellular is good, it is not foolproof. Bring a cellular jammer with you (yes, they are illegal, but so is breaking into someone’s house or office) and the alarm won’t be able to transmit images or alarms.
On the other hand, wireless is much easier to install (you don’t have to run wires), so less expensive. This goes for cameras and alarm systems also.
But the vendors don’t talk about the fact that they are also less reliable.
In part, it depends on your level of paranoia. And also the quality of the manufacturer. Likely there are several to many manufacturers. If you are expecting junkies to break into your house or office, they probably won’t worry about disabling cameras or alarms. Pros, on the other hand – they might worry and likely have the smarts to disable your entire system.
For many systems, there can be multiple manufacturers. One camera might come from vendor ‘A’, but a different camera might come from vendor ‘B’. Same thing with alarms. A door sensor could come from one vendor while a motion sensor might come from another. It used to be that these sensors were dumb – you make or break the connection and the panel generates an alarm. Now, at a minimum, it needs to have enough software to connect to the right network and then transmit the alarm. Many cameras and sensors are much smarter than that. Smarter also means buggier.
While Google will, eventually, issue a patch, what about the hundreds of other wireless camera vendors and thousands of other alarm piece part vendors who aren’t quite so reputable?
In addition, if the burglars can kill your Internet connection (like cutting your cable or phone line), since these cameras have no local storage, you have no pictures of the bad guys. If a camera somehow uses wireless Internet (like cellular), then the bad guys would have to disable both, but I am not aware of any consumer grade cameras that work that way.
It is important to understand the risks you have. In this case, the Nest was supposed to protect you, but maybe didn’t. For other wireless camera systems – well, who knows.
Information for this post came from The Register.