Welcome to the community! Read our posting tips, and learn how to earn ranks, levels and badges to get started.

Ask any devices or smart home question in the Devices/Security or Network Troubleshooting Categories.


Happy posting!

Security Researchers Find Several Bugs in Nest Security Cameras

PoohPooh Member, Beta Tester Posts: 674
500 Likes 500 Comments 25 Answers 100 Agrees
✭✭✭✭✭
edited August 2019 in Devices & Security

Yet again we find how easy it is to circumnavigate IoT security: this time it's Google's own Nest Cam IQ camera's.


Researchers found eight vulnerabilities in these cameras that Google said have been fixed in the current available firmware.


Whilst kudos some be given for getting the issues fixed, it's scary how much privacy we are giving up.


Do you know who's watching you through your cameras?


https://www.vice.com/en_us/article/d3avxa/security-researchers-find-bugs-in-nest-cam-iq


People say nothing is impossible, but I do nothing every day.
Tagged:
VioletChepil

Comments

  • VioletChepilVioletChepil London, UKMember Posts: 2,471
    100 Answers 500 Likes 1000 Comments 100 Agrees
    ✭✭✭✭✭✭
    What do you think? @Ajax @adam @John @TheCustomCave @Lee_Bo @Marc @kltaylor

    Community Manager at Fing

  • adamadam Member, Beta Tester Posts: 62
    25 Likes 10 Comments 5 Agrees Founder
    ✭✭✭

    Nearly all these kinds of attack are directly at the camera (as apposed to via the cloud portal that manages it) which means that to be vulnerable the camera has to be exposed on the Internet. Normally a vpn on a home network with no other ports open on the router can stop such issues.

    VioletChepil
  • PoohPooh Member, Beta Tester Posts: 674
    500 Likes 500 Comments 25 Answers 100 Agrees
    ✭✭✭✭✭
    edited August 2019
    I wish that were true, but we've had copious situations where routers have been exposed to allow ingress, other IoT devices that allow backwards traversal, WiFi networks using easy to crack WEP keys or even WPA2 (now that's been shown to be compromised), malware on PC's open up tunnels etc. Heck, there's now even a Lightening cable you can buy that, when connected to an iOS device, will allow remote connectivity - a cable!

    So, whilst these vulnerabilities may be local to the network, it's still a serious risk because it's THAT easy for hackers to get inside your average home network with a proliferation of badly written 'thing' firmware and lazy users.

    Way way way too many folk have horribly insecure networks which makes these things relatively easy to exploit.
    People say nothing is impossible, but I do nothing every day.
    VioletChepil
  • MarcMarc Moderator, Beta Tester Posts: 1,106
    100 Answers 1000 Comments 500 Likes 100 Awesomes
    ✭✭✭✭✭
    I can’t stress this enough when it comes to home routers, keep the firmware updated to the latest and use a strong password for the admin account. No router is completely secure but these two steps go along way.  
    Thats Daphnee, she's a good dog...
    PoohVioletChepil
  • kltaylorkltaylor Moderator, Beta Tester Posts: 1,101
    1000 Comments 500 Likes 50 Answers 100 Awesomes
    ✭✭✭✭✭✭
    Pooh said:

    Yet again we find how easy it is to circumnavigate IoT security: this time it's Google's own Nest Cam IQ camera's.


    Researchers found eight vulnerabilities in these cameras that Google said have been fixed in the current available firmware.


    Whilst kudos some be given for getting the issues fixed, it's scary how much privacy we are giving up.


    Do you know who's watching you through your cameras?



    I've considered Nest cameras, but through research on issues like this, I've stayed away from them for now.
    The fact is that nearly any camera that could be used in a consumer or professional environment can be hacked, or have vulnerabilities in a firmware update that was recently pushed out.
    I expect more from Google, though ... how could independent researchers find the things that Google's own QA process should have discovered.
    Nonetheless, those individuals that want more security for their investment in a lot of cases, either forget to secure access to those tools or simply don't know how to.
    This is why a device like Fing is important for home automation and monitoring.  Bad guys need to first obtain access to the network before they can view your cameras.  If you don't know how to secure your network and access pathways, seek a geek!
    "There's a fine line between audacity and idiocy."
    -Warden Anastasia Luccio, Captain
    HronosVioletChepil
  • Lee_BoLee_Bo Member Posts: 118
    100 Comments 100 Likes 5 Agrees 5 Awesomes
    ✭✭✭
    I don't think it matters WHAT product you use, if someone wants to hack into it, they will.
    VioletChepil
  • PoohPooh Member, Beta Tester Posts: 674
    500 Likes 500 Comments 25 Answers 100 Agrees
    ✭✭✭✭✭
    edited August 2019
    @Lee_Bo whilst true, there are some items that do apparently make it horribly easy for any script kiddie armed with tools such as Metasploit and access to Shodan to break into folks networks...
    People say nothing is impossible, but I do nothing every day.
    VioletChepil
  • TheCustomCaveTheCustomCave Member, Beta Tester Posts: 48
    25 Likes 10 Comments 5 Agrees Founder
    ✭✭✭
    As with all of these things it's a numbers vs. knowledge thing. The more you know about it, the more you can prevent it. For the numbers, statistics would generally tend toward the average punter not being in any real danger. Yes, a hacker could want to access accounts, but as these are mostly directly at the device, they'd generally want/need a reason to target you specifically.

    I generally take the view of keeping everything up to date, firmware, software etc. Nothing is every truly secure, especially in this day and age - but you take the same choice with things like having a Facebook or Google account. The average hacker isn't too interested in looking at what Joe Bloggs is doing, but while the vulnerability is present in the hardware they may target someone higher profile specifically.
    VioletChepil
Sign In or Register to comment.