Multiple security vulnerabilities found in Google's Nest webcam

Reading time icon 2 min. read


Readers help support MSPoweruser. When you make a purchase using links on our site, we may earn an affiliate commission. Tooltip Icon

Read the affiliate disclosure page to find out how can you help MSPoweruser effortlessly and without spending any money. Read more

Just a week after Google received a mixed response for forcing all Nest camera devices LED to remain on when the camera is in use, Google has another crisis at their hands. According to an article published by Cisco Talos researchers, Google’s Nest Cam IQ Indoor camera has multiple security vulnerabilities.

The Nest Cam IQ currently retails for $249 and has plenty of features but the newly discovered vulnerabilities make it less secure. Overall  Cisco Talos researchers discovered eight vulnerabilities, five relating to the Weave protocol binary built into the camera, and three in the Openweave interface. Three (CVE-2019-5043, CVE-2019-5036, CVE-2019-5037) could be used to bring denial-of-service, two allow code execution (CVE-2019-5038, CVE-2019-5039), two make possible information disclosure (CVE-2019-5034, CVE-2019-5040) and one (CVE-2019-5035) is described as a pairing brute force vulnerability. The silver lining here is that it’s unlikely that these will be exploited as they are hard to execute and might require substantial effort.

Google has already released the update and the Nest Cam IQ will update itself automatically as long as it is connected to the internet but there’s a catch. Google is releasing the update in batches so not all the Nest Cam owners will get the update immediately. The updated version is 4720010 so if you’re using Nest Cam IQ then you can head to Settings>Technical Info and match the current version to make sure you have the updates installed.

More about the topics: google, google nest cam, nest

Leave a Reply

Your email address will not be published. Required fields are marked *