The indoor security device was affected by bugs that put user privacy at risk. The Google Nest Cam IQ indoor camera contained a wealth of security vulnerabilities that could be used to hide or disrupt the device.
Lilith Wyatt and Claudio Bozzato from the Cisco Talos research team said on Monday that a number of major vulnerabilities existed in the Nest Cam IQ, one of a selection of Google-owned home security and Internet of Things (IoT) devices.
“It [Nest Cam IQ Indoor] primarily uses the Weave protocol for setup and initial communications with other Nest devices over TCP, UDP, Bluetooth, and 6lowpan,” the researchers said. “It is important to note that while the weave-tool binary also lives on the camera and is vulnerable, it is not normally exploitable as it requires a local attack vector (i.e. an attacker-controlled file) and the vulnerable commands are never directly run by the camera.”
Many of the newly disclosed security flaws were found in the Weave protocol in version 4620002 of the Nest Cam IQ Indoor. The eight vulnerabilities in total include denial-of-service issues, code execution, and information leaks.
The first vulnerability, CVE-2019-5043, is a denial-of-service issue in which multiple TCP connection attempts result in unrestricted resource allocation and system crashes. The bug exists in the Weave daemon of Nest IQ.
The second security flaw, CVE-2019-5034, is present in the Weave legacy pairing functionality. With crafted Weave packets, attackers can trigger a read-out and subsequent disclosure of information.
CVE-2019-5040 is another information leak revealed by the research team. Found in Openweave-Core Weave MessageLayer version 4.0.2, the vulnerability can be triggered by crafted packets to cause an integer overflow.
There are also two code execution vulnerabilities, CVE-2019-5038 and CVE-2019-5039. These flaws, present in the Weave tool print-tlv command and in the ASN1 certificate writing feature of Openweave-core version 4.0.2, can be exploited by luring the user to open a malicious Weave or Weave command themselves. If the attack succeeds, the attacker is able to execute arbitrary code.
A brute-force vulnerability, CVE-2019-5035, has also been disclosed. The bug exists in the Weave PASE camera pairing functionality, and with a set of crafted Weave packets, attackers can brute-force a pairing code, which, according to Cisco Talos, “results in greater Weave access, and possibly full device control.”
In addition, malicious packets can exploit CVE-2019-5036 and CVE-2019-5037, which concern Weave errors and certificate loading, to cause a denial of service.
Cisco Talos worked with Weave and Nest Labs to fix the security flaws and roll out automatic updates before they were disclosed to the public.
A Google spokesperson told
“We’ve fixed the disclosed bugs and started rolling them out to all Nest Camera IQs. The devices will update automatically so there’s no action required from users.”
In related news, Google today announced that users can migrate their Nest accounts to Google’s standard accounts. Google Home and Nest joined in May, and the technology giant is working slowly towards user account integration.
E-mail invitations are now being sent to users to start the process of changing the product line, which will require one sign-in. Users were concerned that Amazon Alexa control functionality could break as a result of the change, but Google and Amazon have collaborated to launch an updated ability to prevent disruption in smart homes.