That potentially dangerous Nest Cam has been fixed
Nest Cams are incredibly convenient, but having a permanent connection to the Internet can also be a security risk.
Update, March 31: Nest has rolled out a silent update to fix the bug, and claims no one was ever affected. In a statement, the company says that “all Nest camera customers now have the updated software. To our knowledge, no customer’s camera was ever affected by this issue and customer video remained safe. This isn’t the first time we’ve updated our security measures, and it won’t be the last, as we continue to look for ways to improve our products, such as the introduction of two-factor authentication last month.”
Nest, the Alphabet company that scooped up to take over its smart home ambitions, has a problem. Its Nest Cam line, which includes the (admittedly excellent) Outdoor model, has a dangerous bug that allows a would-be thief or hacker (or hacker thief) to send a signal over Bluetooth to force the camera into a reboot, disabling the unit for up to 90 seconds.
The vulnerability was discovered last October and reported to Nest that same month by Florida-based security expert Jason Doyle, but his cries went ignored, so he felt he had no choice but to make the details public in hopes of pushing Nest to do something about it.
There are three issues, all to do with problems in the camera’s always-on Bluetooth connection, which end up forcing the unit to either reset or seek out a non-existent Wi-Fi network. All three issues have the same effect: they take down the Nest Cam entirely. Of course, said hacker would need to be within Bluetooth LE range for the connection to be made — some 60 feet in good conditions, but more likely 30 feet — but now that the exploits are out, such antics could become more common.
For its part, Nest has released a statement claiming that it would be sending a patch to all Nest Cam and Dropcam models “in the coming days,” after discovering and patching the issue internally. Good news for active Nest Cam users, but let’s hope Dropcam has a method of forcing such an update on customers who wouldn’t otherwise be aware of the problem.