Tech giant Google is facing yet another privacy issue after vulnerabilities were revealed in the company’s Google Nest Cam IQ indoor security camera which could allow hackers to hijack the device.
ZDNet reports that Lilith Wyatt and Claudio Bozzato from the Cisco Talos research team recently revealed a number of major vulnerabilities in the Nest Cam IQ, an indoor security camera device manufactured by Google. The researchers noted that in certain versions of the Nest Cam IQ Indoor, a vulnerability was discovered which left the device open to digital attacks.
The researchers stated: “It [Nest Cam IQ Indoor] primarily uses the Weave protocol for setup and initial communications with other Nest devices over TCP, UDP, Bluetooth, and 6lowpan. It is important to note that while the weave-tool binary also lives on the camera and is vulnerable, it is not normally exploitable as it requires a local attack vector (i.e. an attacker-controlled file) and the vulnerable commands are never directly run by the camera.”
The researchers noted a total of eight vulnerabilities including denial-of-service problems, code execution, and information leaks. The first vulnerability called CVE-2019-5043 is a denial-of-service vulnerability prompted by multiple TCP connection attempts. This results in unrestricted rouse allocation and system crashes. Another security flaw in the Weave tool can be exploited by luring a user into clicking on a malicious Weave command which can then give hackers the opportunity to execute code.
A number of other network-related hacks were discovered, which ZDNet has gone into detail about here. A Google spokesperson commented on the vulnerabilities stating: “We’ve fixed the disclosed bugs and started rolling them out to all Nest Camera IQs. The devices will update automatically so there’s no action required from users.”
Google has recently begun offering users the opportunity to combine their Nest and regular Google accounts into one following Google Home and Nest joining together in May.