As the British tech site The Register reports, security researcher Jason Doyle discovered three vulnerabilities in the Dropcam and Dropcam Pro from smart home manufacturer Nest. According to the report, it is possible to deactivate the home-monitoring camera via Bluetooth and to switch off video recording for a certain time, long enough to gain unwanted access to the home. Doyle identified three weaknesses.
Security gaps cause Dropcam to crash
The first vulnerability lets attackers crash the Dropcam through a weak point in the Bluetooth (Low Energy) wireless connection using a so-called buffer overflow. What does that mean? In essence, the hacker writes more data into a memory area, the buffer or stack, than it can hold, which also overwrites the memory locations located after the target memory area. Since this is not intended, the system crashes. To do this, third parties only have to send an overlong WLAN name (SSID) to the camera. The second flaw works similarly, but instead of the SSID, an overlong encrypted WLAN password is sent to the Dropcam. This also results in a crash of the surveillance camera.
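As an added illustration (not code from Nest's firmware or from Doyle's report), the C code below shows the length check whose absence produces the kind of crash described above, applied to both the SSID and the password field. The message layout, all names and the 64-byte password limit are assumptions made for this example; the 32-octet SSID limit is the one set by IEEE 802.11.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SSID_MAX 32   /* IEEE 802.11 limits an SSID to 32 octets */
#define PASS_MAX 64   /* assumed limit for the password field */

struct wifi_cfg {     /* hypothetical destination for received settings */
    uint8_t ssid[SSID_MAX];
    size_t  ssid_len;
    uint8_t pass[PASS_MAX];
    size_t  pass_len;
};

/* Copy one length-prefixed field from msg at *off into dst (capacity cap).
 * Returns 0 on success, -1 if the field is truncated or larger than cap.
 * The unsafe pattern is memcpy(dst, msg + *off + 1, msg[*off]) with no
 * check: a sender-chosen length then writes past the end of dst. */
static int read_field(const uint8_t *msg, size_t msg_len, size_t *off,
                      uint8_t *dst, size_t cap, size_t *out_len)
{
    if (*off >= msg_len)
        return -1;                   /* no length byte present */
    size_t len = msg[*off];
    if (len > cap)
        return -1;                   /* would overflow dst */
    if (len > msg_len - *off - 1)
        return -1;                   /* claims more bytes than were received */
    memcpy(dst, msg + *off + 1, len);
    *out_len = len;
    *off += 1 + len;
    return 0;
}

/* Parse the constructed format [ssid_len][ssid][pass_len][pass].
 * On any error the caller's cfg is left untouched. */
int parse_wifi_cfg(const uint8_t *msg, size_t msg_len, struct wifi_cfg *cfg)
{
    struct wifi_cfg tmp = {0};
    size_t off = 0;
    if (read_field(msg, msg_len, &off, tmp.ssid, SSID_MAX, &tmp.ssid_len) ||
        read_field(msg, msg_len, &off, tmp.pass, PASS_MAX, &tmp.pass_len) ||
        off != msg_len)
        return -1;
    *cfg = tmp;
    return 0;
}
```

Parsing into a temporary and committing only on success means a rejected message cannot leave the device with a half-written configuration.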
Nest camera does not have local memory
The third vulnerability is especially critical: in this case, the camera's existing WLAN connection can simply be cut by sending a fake SSID to the device. The Dropcam tries to connect to the supposedly new network. Because this fails, the device reverts to the original network. The process takes about 90 seconds, giving organized attackers enough time for further action, because the Nest Dropcam does not have any local storage and does not create any recordings without a connection to the cloud.
Nest closes the gaps only after months
The American Doyle discovered the three security gaps in firmware 5.2.1 back in October 2016. So far, however, Nest has done nothing about the problem. After Doyle published the flaws himself on the Internet, the Alphabet subsidiary announced an update that is to fix the software errors in the coming days.