Not like we weren't ever expecting this thing to get hacked.... despite Google and Nest's "assurances" about security, blah, blah...
And some wonder why we call this the IoS...?
Nest's Dropcam and Dropcam Pro security cameras can be wirelessly attacked via Bluetooth to crash and stop recording footage. This is perfect for burglars and other crooks who want to knock out the cams moments before robbing a joint. The three vulnerabilities are in camera firmware version 5.2.1, and no patch is publicly …
Both of my Nest Outdoor cameras show a version of 214-610025 and my two DropCam Pro inside cameras show a version of 205-600052. His advisory says it affects all of them.
The thermostat has used version numbering in a format similar to "5.2.1" but mine is 5.6-7 (not a typo).
"214-610025 ... 205-600052 ... 5.6-7
That's fascinating. I'd like to learn more. Can you tell us your home address as well, please?"
Sure, I trust you know how to fix this, huh? Thanks for the offer! My address is:
725 5th Ave
New York
NY
10022
Just tell the doorman you're here to see me about the security cameras.
Thanks!
Er, no. If you use a router from a good vendor, it will allow things like a cellular failover. If the router is also on a UPS, someone can cut all the cables they want and your network stays connected. Even cheap consumer grade routers from good router makers support this feature with "pay as you go" cellular. (e.g. Peplink Surf SOHO)
"Cutting the small round cable to the house also disables cloud devices"
The first thing that some scroats did before breaking into my house was rip the cable off the wall. They weren't a sophisticated lot either. However the fact that the cable they ripped was the cable to an unused satellite dish and didn't touch the cable that actually operated the broadband showed they weren't the brightest bunch.
Unfortunately I didn't have any cctv anyway so I couldn't catch them.
Which is why you use 3G/4G backup on your router, and why you use UPS on any device that you care about surviving a power outage. CCTV DVRs and cameras should be top of that list.
(And is the Nest PoE-powered or mains? Even if it's mains (stupid), it's not difficult to ensure it runs on a protected circuit, but if it's PoE, you just need to UPS the switch).
Anyone who cares about home/business security can spend £50 on the cheapest of UPS and buy a GSM alerting alarm/camera system (which is the only kind of thing I'd buy anyway... why would you want the alerts from your cameras - literally "someone has cut me off!" - not get sent over an independent connection to warn you personally?)
Don't rely on ADT/Yale to come running. Don't rely on your phone line being up. Don't rely on your neighbours to see the burglars or respond to your alarm. Even the police barely respond unless there's proof of a robbery in active progress, just an alarm going off is useless and CCTV? "Yeah, if you can just search that for us and send us anything that's relevant" (I worked with the CCTV in schools for 15 years and have also provided evidence for 3 crimes for neighbour's burglaries etc. - they just don't have time to sit through even YOUR footage, they will ask you to provide it or not bother).
My system is actually a proper system:
- 30-day recording CCTV on all cameras, full res, none of this motion detection junk.
- Wired cameras with blackout / cable-cut detection alerts (even putting a bit of chewing gum over the lens).
- UPS-backed NVR.
- Connection for alerts via email, GSM, etc.
- Smartphone app on my phone, my girlfriend's phone.
- Tablet app on an iPad in work, constantly showing all the cameras all day (just underneath my monitor. After a while, you ignore it all unless something happens, but because it's ALWAYS in line-of-sight you see everything you need to).
- Home burglar alarm is wired internally and alerts via GSM messages with internal battery backup.
Already proved useful in 3 police-reported crimes for my neighbours, numerous "neighbourly" disagreements ("If I catch your kids standing on top of my garden fence again, you're buying me a new one", "But they don't!", "1.28pm today, 12:12pm yesterday, would you like me to send you an MP4? Just because I'm not there doesn't mean I can't see it"), and no end of other minor disputes (my council weren't collecting my rubbish, then they claimed it was "contaminated", then they claimed that my bins were in the wrong place - ALL WRONG!, DHL parcel guy lobs fragile parcel over back-fence and then signs our signature... etc.), as well as my girlfriend "checking the cats were okay" every two seconds. It survives power-cuts (an hour at least, I think, but I've never had it out longer than that in 3 years), it survives cable-cutting, it survives people blocking or obscuring the cameras, and instantly raises enough alerts / suspicion that I'd be on my way home with a friendly call to the police on the way there (which, generally, should gee them up more than just "Oh, someone is burgling an empty house").
And, strangely, the closest we've come to a problem is the guy who burgled one neighbour, then came back the next week in the same car, drove past my house at 2mph looking intently at my house for a long time, then decided to burgle the other neighbour instead. I'm sure the cameras, infrared floods, hard-wired connections, bell-box, RFID alley gates, etc. had nothing to do with that....
Ironically, all-in the system cost about £300 and a couple of days of cable-running. And you'd be hard pressed to find enough inside to walk out with worth more than that before I could do something, and it'd be much more tricky to do it untraceably.
Hell, even the iPad at work isn't actually mine.
> My system is actually a proper system:
Lee, I hope you do not mind me saying, but you seem to live a rather sad life, with all that crime, neighbourly disagreements, snooping, and general worrying about small things.
My house's front door stays unlocked even while I am away on month-long business trips and my neighbour's kids are quite welcome to play in my garden.
My only complaint is that every time I plant something new outside, it only lasts until my gardener shows up--everything his mower can mow, will get mowed. I'm half expecting him to supplement his effort with a chainsaw one day and take care of my lemon trees. :-)
"There doesn't seem to be any reason why [Nest] leaves Bluetooth on after setup unless they need it for future or current integrations"
Well, if they turn Bluetooth off, how will Google know when you've returned home with your phone etc within Bluetooth range? Wouldn't want to miss the opportunity to slurp up that location data would they?
Perhaps it is simply the NSA's/CSA's front door feature to allow 'permitted access' as required to confirm how daft users of these devices really are?
This now pointless rubbish is not even IDIOTIC (Internet Direct Integration of Threats Including Chaos/Criminals) since Bluetooth is not an internet protocol.
> Nest deliberately designs its cameras to use internet-hosted storage for video, not local storage
Wait, a *security* camera that is flummoxed by a lack of internet connection? Using cloud storage doesn't stop you including a cheap sd card as a rolling buffer.
Oh and Google, October would be 90 days ago Shirley.
Korev>>Or "jammed" with a can of spray paint
There's a difference: Jamming isn't jamming if it sets off an alarm.
1) camera is sprayed, hooded, etc --- motion detection alarm on the cam or monitor is triggered
2) camera is disconnected or forced offline --- motion detection on cam is useless but monitor can still detect it, either with motion detect on incoming video, camera heartbeat failure, etc.
3) camera video feed freezes --- this is the killer: if you can keep a camera quiet for the few seconds you need to walk in its field of vision, that is the ultimate failure.
I'm unhappy using wireless except for non-security applications. Where security is concerned, you have to worry about smart people rather than dumb equipment. And however surprisingly dumb equipment (especially IoT stuff) can be, the cleverness of people can be still more surprising.
I've even seen wireless security cameras on unprotected networks ("oh, I don't mind if anyone sees what's at my gate, as long as I can see it"). A little bit of research and radio hacking later and I phoned the guy up.
Me: "Hi Jim, it's John; I called yesterday to discuss your security, cameras etc. I'm at the gate"
Him: "*pause* Are you at the right house? I can't see you on my camera!"
Me: "What's the weather like on that camera? Does it remind you of yesterday, at all?"
Him: "You tricky bastard! Ok, looks like I need your advice after all. Come in"
You find me a 5.8GHz jammer please.
Just to throw something completely ridiculous out there.... I don't know about NEST but I know several other "security"[cough] cameras work over normal WIFI.
Now.. If I was to bring in a few laptops/RPi's etc, park close enough to your house and have these all talking on the same channel as your system is using (assuming it's manually set rather than automatic), would it actually be possible to effectively jam things that way? If the target is valuable enough, it could be a worthwhile attack? (Though one would hope if they're worth the effort they'd also have the brains not to rely on wireless cameras!)
Just some midnight weirdness. Don't mind me.
No they're not, the vulnerabilities are caused by the design decision of using a radio link that can be so easily jammed. Why weren't these vulnerabilities picked up at the security review - they did actually conduct a security review on the security product?
> Why weren't these vulnerabilities picked up at the security review - they did actually conduct a security review on the security product?
It is a consumer grade product, after all. If your security needs are more than casual, or if you need higher reliability, then you won't be (or at the very least, shouldn't be) using Nest services.
One thing that should perhaps be noted is that Nest cameras send a continuous stream of live images to the cloud and notify the owner as soon as connection is lost with an image of what the cam last saw (and the video to that point can also be reviewed).
So unless the camera is approachable unseen to within Bluetooth/jammer range or the internet wires/cables are out of sight it is likely the miscreant has already been snapped and the evidence safely stored out of reach.
Bypassing it is easy.
Doing it without arousing suspicion is hard.
Most CCTV systems have an "image obscured / power fail" alert that detects when a camera is obscured, damaged or disconnected and alerts people.
And such alerts - because they NEVER happen - generate much more suspicion than anything else. Hell, you can even have it set off the house alarm when that happens if you like, it's that rare.
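The monitor-side checks described in the comments above (the obscured-lens alert, the camera heartbeat failure and the frozen feed), sketched as an added example that is not part of the thread or any vendor's code. The thresholds, the `FeedMonitor` name and the sample frames are assumptions constructed for illustration.

```python
import hashlib
import random
from statistics import pvariance

HEARTBEAT_TIMEOUT = 5.0  # assumed: seconds without a frame before "offline"
FROZEN_AFTER = 3         # assumed: bit-identical frames in a row before "frozen"
MIN_VARIANCE = 20.0      # assumed: pixel variance below this means "obscured"

class FeedMonitor:
    """Runs on the recorder/monitor, not the camera; frames are 8-bit grayscale bytes."""

    def __init__(self):
        self.last_seen = None
        self.last_digest = None
        self.repeats = 0

    def on_frame(self, now, frame):
        """Record a non-empty frame; return 'ok', 'obscured' or 'frozen'."""
        self.last_seen = now
        digest = hashlib.sha256(frame).digest()
        self.repeats = self.repeats + 1 if digest == self.last_digest else 0
        self.last_digest = digest
        # A live sensor always carries noise, so bit-identical frames
        # indicate a stuck or replayed feed rather than a quiet scene.
        if self.repeats >= FROZEN_AFTER - 1:
            return "frozen"
        # A sprayed or hooded lens yields a near-uniform image.
        if pvariance(list(frame)) < MIN_VARIANCE:
            return "obscured"
        return "ok"

    def on_tick(self, now):
        """Timer callback; 'offline' once the heartbeat has lapsed."""
        if self.last_seen is None or now - self.last_seen > HEARTBEAT_TIMEOUT:
            return "offline"
        return "ok"

def demo():
    """Constructed timeline: live, covered lens, frozen feed, then silence."""
    def live(seed):  # constructed noisy frame standing in for real video
        rng = random.Random(seed)
        return bytes(rng.randrange(256) for _ in range(64))
    covered = bytes(10 + i % 3 for i in range(64))  # constructed dark frame
    mon = FeedMonitor()
    frames = [live(1), live(2), covered, live(3), live(3), live(3)]
    states = [mon.on_frame(float(t), f) for t, f in enumerate(frames)]
    return states + [mon.on_tick(6.0), mon.on_tick(11.0)]
```

The digest comparison only catches exact repeats; a re-encoded replay would need a perceptual comparison instead.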
I would ask the question: why is Nest using Bluetooth in their devices? And the answer is pretty straightforward: user experience. The major reason for having this feature is easy, straightforward first-time setup of the device. This is the secret sauce that makes Nest devices so successful and popular. The next question: is this the most efficient approach, taken also by other IoT manufacturers to improve their user experience of the first setup?
The answer is yes, many IoT manufacturers copied the success story from Nest. And they have no less production capacity than Nest. However, unlike Nest, many of them are not even aware that they now have such a problem, and they don't have a way to solve it seamlessly for the user by updating the firmware over the air.
I'm a founder of the IoT cyber protection startup Cybeats and we have a goal to protect the customers of IoT companies by protecting their products.
Our company creates the solution for any IoT vendor and manufacturer so that once such a vulnerability is discovered (a zero day, in the professional jargon), a company like Nest is alerted and has the proper way to mitigate the problem by pushing out the firmware that resolves it.
If you are interested in reading more about the security problems modern IoT imposes on us as consumers and how manufacturers are supposed to solve them, you are welcome to visit our website https://www.cybeats.com