Talos, a division of Cisco Security, has discovered security vulnerabilities in the Nest Cam IQ Indoor camera. The camera has vulnerabilities in its weave binary, which uses the Weave protocol for “setup and initial communications with other Nest devices over TCP, UDP, Bluetooth and 6lowpan,” wrote Cisco Talos employees Research Engineer Lilith Wyatt and Senior Vulnerability Researcher Claudio Bozzato.
Exploiting this vulnerability would require a local attack vector, otherwise known as an attacker-controlled file. After finding these vulnerabilities, Cisco Talos contacted Weave and Nest Labs to make sure that they were resolved via a software update, according to a blog post from Talos. Since Talos published its results, Nest has created a new update for the Nest Cam IQ Indoor, number 4720010.
Nest’s Cybersecurity Issues
This is not the first time that security vulnerabilities have been found in Nest products. Last spring, it was discovered that Nest customers’ email addresses and passwords were available on the web, although Nest attested that this was due to anonymous third parties rather than their own software. In an email with the subject line “Your Nest Account Security,” Rishi Chandra, Vice President of Product at Nest, explained why having emails and passwords easily accessible online is dangerous:
“For context, even though Nest was not breached, customers may be vulnerable because their email addresses and passwords are freely available on the Internet. If a website is compromised, it’s possible for someone to gain access to user email addresses and passwords, and from there, gain access to any accounts that use the same login credentials.”
Chandra recommended that customers:
- Disable any compromised accounts
- If you have an account with the same password as a compromised account, change your password
- Enable two-step verification
- Choose a strong and unique password for Nest accounts
- Set up family accounts instead of setting up multiple accounts for one family
- Be vigilant about phishing emails
- Update all home network routers
“It’s a great responsibility to be welcomed into your home, and we’re committed to keep you and your Nest Devices safe,” he wrote.