
Google Admits Bug Could Let People Spy On Nest Cameras (dailydot.com) 30

Google on Thursday confirmed that a bug in its Nest security cameras could have allowed users to be spied on. The Daily Dot reports: The issue was first raised by a user on Facebook who recently sold his Nest Cam Indoor yet was still able to access its feed. The problem involves Wink, an app that lets people manage multiple smart devices regardless of their developer. The Facebook user noted that despite carrying out a factory reset on his Nest camera before selling it, his Wink account remained connected to the device, allowing him to view snapshots of the buyer's live feed.

Wirecutter tested the vulnerability on its own Nest Cam by linking it to a Wink account and then performing a factory reset. The publication also found it was receiving "a series of still images snapped every several seconds" via its Wink account. "In simpler terms: If you buy and set up a used Nest indoor camera that has been paired with a Wink hub, the previous owner may have unfettered access to images from that camera," Wirecutter says. "And we currently don't know of any cure for this problem."

Google responded to the report and said it has fixed the problem. "We were recently made aware of an issue affecting some Nest cameras connected to third-party partner services via Works with Nest," a spokesperson told Wirecutter. "We've since rolled out a fix for this issue that will update automatically, so if you own a Nest camera, there's no need to take any action."

  • Buy, buy, buy. You can buy the IP and technology, but you inherit the problems.

  • For home automation, you do not want a big company. Instead you wants of different products from different small companies with NO inbuilt integration. No talking to

    The integration should be handled by third party software that has no connection to any of the manufacturers, all of whom build to a standard.

    That way no company can build in undocumented 'features'. Any hardware bugs will not get loose to the internet. The third party software should have the option to NOT send anything out of your router,

    • The integration should be handled by third party software that has no connection to any of the manufacturers, all of whom build to a standard.

      That might be one way to put it. Another is that no one should buy hardware where its functionality requires setting up some kind of account with some kind of service.

      I wouldn't mind some kind of voice activated home automation device, if it did not require an internet connection to function. I can understand why they do this, they determined that they can make the device simpler, more functional, and cheaper if it is connected to their servers for the voice recognition and other functions.

      I was gifted an Amazon Echo Dot, and it was fun for a while. I could ask it for the weather, to play music for me, get answers to some simple questions, but mostly the music. What bothered me was that if there was the slightest hiccup in the internet then it couldn't do so much as tell me what 2 plus 2 equaled. Then what got on my nerves was it asking for feedback, tried selling me services, along with just getting triggered by my listening to the radio and thinking I was trying to talk to it.

      I pulled the plug on it. It became clear to me that the reason it was so cheap to buy was because it's just an internet connected microphone to some server somewhere, and the real goal is a loss leader for me to buy more stuff from Amazon.

      I won't have any other such a device in my home until I know it will function without "phoning home" to sell my preferences in music and other products and services to advertisers.

    • Don't bring the cloud into your nest. That's your nest! Your nest is supposed to protect you from things like clouds.

    • For home automation, you do not want a big company. Instead you wants of different products from different small companies with NO inbuilt integration.

      I disagree, unless those products have no network connectivity. The security capabilities and practices of small IoT and home automation companies are uniformly awful. Major tech companies like Google will make occasional mistakes, but their core designs will be very good, and even their mistakes will almost always be only in obscure corner cases -- and will be found and fixed quickly.

      Granted that many people are uncomfortable with allowing big tech companies access to such personal information. That'

    • by mccalli ( 323026 )
      You've described HomeKit.

      The trouble is that precisely because of the increased security requirements, manufacturers didn't really adopt it and went to the easiest route first (Amazon). Apple has since changed those requirements and we're seeing better, but products implement multiple APIs (and also sometimes proprietary ones) so you still have to be cautious.
  • Anyone else have to read The Circle in university?
    https://en.wikipedia.org/wiki/... [wikipedia.org]

    Something reminded me of that for some reason. It's probably nothing.

  • Given Google recently announced that they were deprecating the entire "Works with Nest" API, I wonder if Google already knew of some architectural security flaws with the API that could not be easily fixed. That might explain why they would be willing to take the bad PR that comes with deprecating such a popular API with such short notice.

  • "We've since rolled out a fix for this issue that will update automatically, so if you own a Nest camera, there's no need to take any action."

    Until the next time, that is.

    • "...will update automatically..."

      And there's a major part of my problem with IoT. There's a backdoor waiting to be exploited.

  • And no accountability. This has to stop. Making software like this needs to become engineer-only and it needs to come with full accountability for all damage done and a requirement for insurance.

    • President Warren is coming for them, they just don't realize it yet.

      They shouldn't be using their internet advertising monopoly to screw up all these other markets.
