Latest Google Nest Cam IQ Vulnerabilities Include Device Takeover & More


There have been numerous reports of Nest Cams getting hacked over the last year or so. However, those have typically been limited to hackers speaking to users through the camera.

A list of new vulnerabilities that affect the Google Nest Cam IQ indoor camera has been revealed by researchers with Cisco Talos, a commercial threat intelligence group.

According to Cisco Talos, the vulnerabilities have to do with the Weave protocol used by the camera.

“It primarily uses the Weave protocol for setup and initial communications with other Nest devices over TCP, UDP, Bluetooth and 6lowpan. Most of these vulnerabilities lie in the weave binary of the camera, however, there are some that also apply to the weave-tool binary,” the organization says in a blog post.

The vulnerabilities include three denial-of-service (DoS) bugs that could allow an attacker to disable the camera, two that would allow code execution and three that could be used for information disclosure.

Here are the vulnerabilities as listed by Cisco Talos:

Nest Labs Nest Cam IQ Indoor Weave TCP connection denial-of-service vulnerability (TALOS-2019-0810/CVE-2019-5043)

An exploitable denial-of-service vulnerability exists in the Weave daemon of the Nest Cam IQ Indoor, version 4620002. A set of TCP connections can cause unrestricted resource allocation, resulting in a denial of service. An attacker can connect multiple times to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

Nest Labs Nest Cam IQ Indoor Weave legacy pairing information disclosure vulnerability (TALOS-2018-0797/CVE-2019-5034)

An exploitable information disclosure vulnerability exists in the Weave legacy pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted Weave packets can cause an out-of-bounds read, resulting in information disclosure. An attacker can send specially crafted packets to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

Nest Labs Nest Cam IQ Indoor Weave PASE pairing brute force vulnerability (TALOS-2018-0798/CVE-2019-5035)

An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted weave packets can brute force a pairing code, resulting in greater Weave access and potentially full device control. An attacker can send specially crafted packets to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

Nest Labs Nest Cam IQ Indoor Weave KeyError denial-of-service vulnerability (TALOS-2018-0799/CVE-2019-5036)

An exploitable denial-of-service vulnerability exists in the Weave error reporting functionality of the Nest Cam IQ Indoor, version 4620002. A specially crafted weave packet can cause an arbitrary Weave Exchange Session to close, resulting in a denial of service. An attacker can send a specially crafted packet to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

Nest Labs Nest Cam IQ Indoor WeaveCASEEngine::DecodeCertificateInfo denial-of-service vulnerability (TALOS-2018-0800/CVE-2019-5037)

An exploitable denial-of-service vulnerability exists in the Weave certificate loading functionality of the Nest Cam IQ Indoor camera, version 4620002. A specially crafted weave packet can cause an integer overflow and an out-of-bounds read to occur on unmapped memory, resulting in a denial of service. An attacker can send a specially crafted packet to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

Nest Labs Openweave Weave tool Print-TLV code execution vulnerability (TALOS-2018-0801/CVE-2019-5038)

An exploitable command execution vulnerability exists in the print-tlv command of Weave tool. A specially crafted weave TLV can trigger a stack-based buffer overflow, resulting in code execution. An attacker can trigger this vulnerability by convincing the user to open a specially crafted Weave command.

Read the complete vulnerability advisory here for additional information.

Nest Labs Openweave Weave ASN1Writer PutValue code execution vulnerability (TALOS-2018-0802/CVE-2019-5039)

An exploitable command execution vulnerability exists in the ASN1 certificate writing functionality of Openweave-core, version 4.0.2. A specially crafted weave certificate can trigger a heap-based buffer overflow, resulting in code execution. An attacker can exploit this vulnerability by tricking the user into opening a specially crafted Weave.

Read the complete vulnerability advisory here for additional information.

Nest Labs Openweave Weave DecodeMessageWithLength information disclosure vulnerability (TALOS-2018-0803/CVE-2019-5040)

An exploitable information disclosure vulnerability exists in the Weave MessageLayer parsing of Openweave-core, version 4.0.2 and the Nest Cam IQ Indoor, version 4620002. A specially crafted weave packet can cause an integer overflow to occur, resulting in PacketBuffer data reuse. An attacker can send a packet to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.
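The integer-overflow bug class named in the DecodeCertificateInfo and DecodeMessageWithLength entries above, shown as an added example that is not code from OpenWeave, Nest or Cisco Talos. The 2-byte length-prefixed framing, the function names and the sample bytes are constructed for illustration and do not reproduce the actual flaws.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_LEN 2u /* constructed framing: 2-byte little-endian length prefix */

/* Constructed sample frames (not captured traffic). */
static const uint8_t SAMPLE_OK[]  = { 0x03, 0x00, 'a', 'b', 'c' };
static const uint8_t SAMPLE_BAD[] = { 0xFF, 0xFF, 'a', 'b', 'c' }; /* claims 65535 bytes */

/* Unsafe pattern: header + payload length summed in 16 bits wraps past 65535,
 * so an oversized claimed length can pass the bounds check. */
int naive_frame_fits(uint16_t payload_len, uint16_t buf_len)
{
    uint16_t total = (uint16_t)(HDR_LEN + payload_len);
    return total <= buf_len;
}

/* Hardened pattern: subtract from the trusted size instead of adding to the
 * untrusted one, so no intermediate value can wrap. */
int safe_frame_fits(uint16_t payload_len, uint16_t buf_len)
{
    return buf_len >= HDR_LEN && payload_len <= (uint16_t)(buf_len - HDR_LEN);
}

/* Returns the payload length (payload starts at buf + HDR_LEN), or -1 if the
 * claimed length does not fit inside the received bytes. */
long frame_payload_len(const uint8_t *buf, size_t buf_len)
{
    if (buf == NULL || buf_len < HDR_LEN)
        return -1;
    size_t claimed = (size_t)buf[0] | ((size_t)buf[1] << 8);
    if (claimed > buf_len - HDR_LEN)
        return -1;
    return (long)claimed;
}

int main(void)
{
    printf("naive accepts 0xFFFF in 16-byte buffer: %d\n", naive_frame_fits(0xFFFF, 16));
    printf("safe  accepts 0xFFFF in 16-byte buffer: %d\n", safe_frame_fits(0xFFFF, 16));
    printf("valid frame   -> %ld\n", frame_payload_len(SAMPLE_OK, sizeof SAMPLE_OK));
    printf("oversized len -> %ld\n", frame_payload_len(SAMPLE_BAD, sizeof SAMPLE_BAD));
    return 0;
}
```

The hardened check never adds to a length taken from the packet, which is the property to look for when reviewing any length-prefixed parser.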

Prior to releasing the blog post, Cisco Talos “worked with Weave and Nest Labs to ensure that these issues are resolved and that an update is available for affected customers.”

The post Latest Google Nest Cam IQ Vulnerabilities Include Device Takeover & More appeared first on Security Sales & Integration.