Cyber security researcher Jason Doyle discovered, a few months ago, three critical vulnerabilities in the firmware of the Dropcam and Dropcam Pro webcams. The issues concern version 5.2.1 of the camera firmware, and according to the researcher's report, they allow attacks that crash the cameras and stop any footage recording, triggered through the devices' Bluetooth function.
The vulnerabilities mean that the cameras are not sufficiently effective at keeping thieves away from a home or other building, as they can be easily and wirelessly shut down by someone located within BLE range of the webcam, which is most likely the case for criminals intending to break into your house.
The first of the bugs described by Doyle allows an attacker to crash and reboot the webcam by triggering a buffer overflow: an overlong Wi-Fi SSID parameter is sent to the device over its Bluetooth Low Energy interface. The second vulnerability has the same effect when exploited – the device crashes and restarts. However, the trigger is somewhat different – the attacker sends an overlong Wi-Fi password to the Nest camera.
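Both overflows come from the same root cause: attacker-controlled field lengths arriving over an unauthenticated BLE setup channel and being copied into fixed-size buffers without a check. The following C routine is an added illustration of the defensive side and is not code from the Dropcam firmware or from Doyle's report; the structure, names and the BLE message format are assumptions, while the length limits are the real IEEE 802.11 / WPA2 ones (SSID at most 32 octets, passphrase 8 to 63 printable ASCII characters).

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Limits from IEEE 802.11 / WPA2. */
#define SSID_MAX_LEN 32
#define PSK_MIN_LEN  8
#define PSK_MAX_LEN  63

/* Hypothetical fixed-size credential store, as firmware might keep in RAM
 * before committing it to flash. These are the buffers an unchecked copy
 * would overrun. */
struct wifi_creds {
    char ssid[SSID_MAX_LEN + 1];
    char psk[PSK_MAX_LEN + 1];
};

enum creds_status { CREDS_OK = 0, CREDS_BAD_SSID = 1, CREDS_BAD_PSK = 2 };

/* Validate, then copy, credentials received from an untrusted transport
 * (e.g. a BLE setup characteristic). The bug class in the article is the
 * unchecked version of this: strcpy() of sender-supplied data into the
 * fixed buffers above. Here every length is checked against the
 * destination size before a single byte is copied, and a bad message is
 * rejected whole instead of being partially applied. */
enum creds_status wifi_creds_set(struct wifi_creds *out,
                                 const uint8_t *ssid, size_t ssid_len,
                                 const uint8_t *psk, size_t psk_len)
{
    if (ssid_len == 0 || ssid_len > SSID_MAX_LEN)
        return CREDS_BAD_SSID;
    if (psk_len < PSK_MIN_LEN || psk_len > PSK_MAX_LEN)
        return CREDS_BAD_PSK;
    for (size_t i = 0; i < psk_len; i++)        /* printable ASCII only */
        if (psk[i] < 0x20 || psk[i] > 0x7e)
            return CREDS_BAD_PSK;

    /* Lengths now provably fit: bounded copy plus explicit NUL terminator,
     * never trusting the sender to terminate anything. */
    memcpy(out->ssid, ssid, ssid_len);
    out->ssid[ssid_len] = '\0';
    memcpy(out->psk, psk, psk_len);
    out->psk[psk_len] = '\0';
    return CREDS_OK;
}

/* Self-checks on constructed inputs: a sane credential pair, and an SSID
 * far beyond the 32-octet maximum, the shape of input the unchecked
 * firmware choked on. */
enum creds_status demo_valid(void)
{
    struct wifi_creds c;
    return wifi_creds_set(&c, (const uint8_t *)"HomeNet", 7,
                          (const uint8_t *)"correct horse battery", 21);
}

enum creds_status demo_overlong_ssid(void)
{
    struct wifi_creds c;
    uint8_t ssid[200];
    memset(ssid, 'A', sizeof ssid);             /* constructed oversize SSID */
    return wifi_creds_set(&c, ssid, sizeof ssid,
                          (const uint8_t *)"correct horse battery", 21);
}
```

The same check-before-copy discipline applies to the password field, which is the second bug: the passphrase bounds above reject it before any buffer is touched.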
The third bug also renders the camera useless, as it allows the attacker to knock the device offline repeatedly, an unlimited number of times. In this case, the attacker makes the webcam disconnect from its current Wi-Fi by sending it a request to connect to a new SSID. While trying to connect to the new network, which does not exist, the device stops recording any footage for about a minute and a half, until it reconnects to its old Wi-Fi.
Doyle reported his findings to Google in October last year, yet so far there has been no response from the company. That led the researcher to announce the vulnerabilities publicly, hoping this would finally attract the attention of Google's security team.
Some other reports indicate, though, that the company already has a fix for these bugs and will release a patched version of the Nest firmware soon, yet no exact date is known. The big problem in fixing these vulnerabilities is that Bluetooth is an integrated part of the camera and is enabled by default. A possible solution would be to let users turn Bluetooth off whenever they wish, or at least after setup. As long as the function stays on all the time, the devices remain exposed to these attacks.