Vulnerabilities Discovered in Nest Cam IQ Indoor Camera

Talos, a division of Cisco Security, has discovered security vulnerabilities in the Nest Cam IQ Indoor camera. The vulnerabilities are in the camera's weave binary, which uses the Weave protocol for “setup and initial communications with other Nest devices over TCP, UDP, Bluetooth and 6lowpan,” wrote Cisco Talos Research Engineer Lilith Wyatt and Senior Vulnerability Researcher Claudio Bozzato.

Exploiting this vulnerability would require a local attack vector, otherwise known as an attacker-controlled file. After finding these vulnerabilities, Cisco Talos contacted Weave and Nest Labs to make sure that they would be resolved via a software update, according to a blog post from Talos. Since Talos published its results, Nest has released a new update for the Nest Cam IQ Indoor, number 4720010.


Nest’s Cybersecurity Issues

This is not the first time that security vulnerabilities have been found in connection with Nest products. Last spring, it was discovered that Nest customers’ email addresses and passwords were available on the web, although Nest attested that this was due to anonymous third parties rather than its own software. In an email with the subject line “Your Nest Account Security,” Rishi Chandra, Vice President of Product at Nest, explained why having emails and passwords easily accessible online is dangerous:

“For context, even though Nest was not breached, customers may be vulnerable because their email addresses and passwords are freely available on the Internet. If a website is compromised, it’s possible for someone to gain access to user email addresses and passwords, and from there, gain access to any accounts that use the same login credentials.”

Chandra recommended that customers:

  • Disable any compromised accounts
  • If you have an account with the same password as a compromised account, change your password
  • Enable two-step verification
  • Choose a strong and unique password for Nest accounts
  • Set up family accounts instead of setting up multiple accounts for one family
  • Be vigilant about phishing emails
  • Update all home network routers

“It’s a great responsibility to be welcomed into your home, and we’re committed to keep you and your Nest Devices safe,” he wrote.

Aliza Vigderman

