Vulnerabilities found in Google's Indoor Nest camera

  • Friday 23, August 2019 11:49 AM
Sharjah24 – Reuters: A new report by Cisco Talos, a cyber security intelligence and research group, has found eight different vulnerabilities in Google's Indoor Nest cameras.
One of the bugs, called CVE-2019-5043, allowed multiple connection attempts to the camera's TCP, or Transmission Control Protocol, which would cause the camera's system to crash. While another bug allowed attackers to acquire and read sensitive information from the cameras.

Two code security vulnerabilities, named CVE-2019-5038 and CVE-2019-5039, allowed attackers to exploit the camera's security system by luring users to open a malicious command on Google's open source network Weave, which is used by Google's Indoor Nest cameras.

The researchers also found a bug in which attackers could potentially gain control over the security camera devices.

In a statement to ZDNet, a spokesperson from Google said that they have fixed all the bugs and are in the process of updating all the Nest Camera IQs. The company added that the devices will automatically update so that users don't have to update it themselves.