Vulnerabilities in Google Nest Cam IQ Indoor camera could allow attackers to take over a device

Denial of service, code execution and information disclosure bugs found in Google's Nest Cam IQ indoor camera system

Multiple vulnerabilities in Google's Nest Cam IQ indoor camera could enable hackers to take control of a vulnerable device.

That's according to researchers at Cisco Talos, who claim to have uncovered eight flaws: three are denial-of-service (DoS) flaws, two are code-execution bugs, and the remaining three could be used for information disclosure.

The research is the latest in a string of security flaws found in Nest Cams over the years, although Google has patched the latest batch after the researchers notified the company about their findings before going public.

According to the researchers, the Weave Protocol in version 4620002 of the Nest Cam IQ Indoor camera was vulnerable to some of the newly disclosed bugs. "Most of these vulnerabilities lie in the weave binary of the camera; however, there are some that also apply to the weave-tool binary," the researchers explained in a write-up.

The two most severe bugs are CVE-2019-5035 and CVE-2019-5040, with CVSS ratings of 9.0 and 8.5, respectively.

CVE-2019-5035 is a brute-force information disclosure vulnerability in the Weave PASE pairing functionality of the Nest camera. It enables an attacker to brute-force the pairing code by sending a set of specially crafted Weave packets, which eventually gives the attacker greater access to Weave and full control of the device.
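The standard device-side mitigation for the pairing-code brute force described above is to stop processing PASE attempts from a peer after a few failures. The following is an added example of such a per-peer limiter; it is not Nest or Weave code and is not the fix Google shipped (the article does not describe it). The names and constants (`pairing_state`, `pairing_attempt_allowed`, `MAX_FAILURES`, `LOCKOUT_SECONDS`) are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical pairing-attempt limiter (not Nest/Weave code): one record per peer. */
#define MAX_FAILURES     5     /* failed attempts tolerated before a lockout */
#define LOCKOUT_SECONDS  300   /* how long the peer is refused after that */

typedef struct {
    uint32_t failures;       /* failed pairing attempts since the last reset */
    uint64_t locked_until;   /* unix time until which attempts are refused; 0 = not locked */
} pairing_state;

void pairing_state_init(pairing_state *s) { memset(s, 0, sizeof *s); }

/* Should a new pairing attempt from this peer be processed at all? */
bool pairing_attempt_allowed(const pairing_state *s, uint64_t now) {
    return now >= s->locked_until;
}

/* Record the outcome of an attempt: a success clears the record, the
 * MAX_FAILURES-th failure starts a lockout window. */
void pairing_record_result(pairing_state *s, bool success, uint64_t now) {
    if (success) {
        s->failures = 0;
        s->locked_until = 0;
        return;
    }
    if (s->failures < UINT32_MAX) s->failures++;
    if (s->failures >= MAX_FAILURES) {
        s->locked_until = now + LOCKOUT_SECONDS;
        s->failures = 0;   /* the next window starts after the lockout ends */
    }
}

/* Simulation: a peer sends one wrong guess per second for `attempts` seconds.
 * Returns how many of those guesses the device actually processed. */
uint32_t simulate_guesses_processed(uint32_t attempts) {
    pairing_state s;
    pairing_state_init(&s);
    uint32_t processed = 0;
    for (uint32_t t = 0; t < attempts; t++) {
        if (!pairing_attempt_allowed(&s, t)) continue;   /* dropped during lockout */
        processed++;
        pairing_record_result(&s, false, t);             /* every guess is wrong */
    }
    return processed;
}

int main(void) {
    /* With the limiter only 20 of 1000 guesses are processed; without it, all 1000. */
    printf("guesses processed out of 1000: %u\n", simulate_guesses_processed(1000));
    return 0;
}
```

The point of the simulation is the ratio: with five attempts per five-minute window an attacker gets 20 guesses out of a thousand seconds of trying, which turns a pairing-code search from minutes into a problem that is easy to notice and alert on. In a real daemon the record would be keyed by peer identity and also count attempts globally, so that an attacker cannot reset the window by changing address.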

CVE-2019-5040 is another information disclosure bug, in the Weave MessageLayer parsing of version 4.0.2 of Openweave-core. An attacker can trigger it with specially crafted packets that cause an integer overflow.

The less critical vulnerabilities discovered by the researchers are CVE-2019-5043, CVE-2019-5034, CVE-2019-5036, CVE-2019-5037, CVE-2019-5038, and CVE-2019-5039, which are rated 7.5 and below on the CVSS scale.

CVE-2019-5043 is a DoS vulnerability in the Nest IQ's Weave daemon. It can be triggered by repeated TCP connection attempts, which lead to unbounded resource allocation and eventually crash the system.

CVE-2019-5034 is a Weave legacy pairing vulnerability that could be used to leak information.

CVE-2019-5036 is a Weave KeyError DoS vulnerability, which exists in the Weave error reporting functionality of the device.

CVE-2019-5037 is another DoS vulnerability, in the Weave certificate loading functionality of the camera. It can be triggered by sending a specially crafted Weave packet that causes an integer overflow and eventually a denial of service.
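Both the MessageLayer bug (CVE-2019-5040) and the certificate-loading bug (CVE-2019-5037) are described as integer overflows triggered by crafted packets. The example below, added here and not taken from Openweave-core or the Talos write-up, shows the bug class in a constructed toy framing rather than the real Weave wire format: a parser that sums two length fields in a 16-bit variable, beside a version that widens the arithmetic and compares against the bytes it actually holds. The struct and function names (`packet`, `frame_size_vulnerable`, `frame_size_checked`) and the sample bytes are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed toy framing for illustration only (not the Weave wire format):
 * two little-endian 16-bit length fields, followed by that many header bytes
 * and that many payload bytes. */
typedef struct {
    const uint8_t *buf;   /* raw bytes received from the network */
    size_t len;           /* how many of them we actually hold */
} packet;

static uint16_t rd16(const uint8_t *p) {
    return (uint16_t)(p[0] | ((unsigned)p[1] << 8));
}

/* Vulnerable pattern: the two lengths are summed into a 16-bit variable, so
 * 0xFFFF + 0x0002 wraps to 0x0001. The bounds check then passes, and a caller
 * trusting the individual fields would read far beyond the bytes it holds.
 * Returns the frame size the parser believes in, or 0 on rejection. */
size_t frame_size_vulnerable(const packet *pk) {
    if (pk->len < 4) return 0;
    uint16_t hdr_len = rd16(pk->buf);
    uint16_t pay_len = rd16(pk->buf + 2);
    uint16_t body = (uint16_t)(hdr_len + pay_len);   /* truncated modulo 2^16 */
    if ((size_t)body + 4 > pk->len) return 0;
    return (size_t)body + 4;
}

/* Hardened pattern: widen before adding so the sum cannot wrap, and compare
 * against the bytes on hand in a form that cannot underflow either. */
bool frame_size_checked(const packet *pk, size_t *out) {
    if (pk->len < 4) return false;
    uint32_t hdr_len = rd16(pk->buf);
    uint32_t pay_len = rd16(pk->buf + 2);
    uint32_t body = hdr_len + pay_len;       /* at most 0x1FFFE, no wrap possible */
    if (body > pk->len - 4) return false;    /* pk->len >= 4 was checked above */
    *out = (size_t)body + 4;
    return true;
}

int main(void) {
    /* Constructed inputs: an honest 8-byte frame and one whose length pair overflows. */
    const uint8_t honest[8]  = {0x02, 0x00, 0x02, 0x00, 'h', 'h', 'p', 'p'};
    const uint8_t crafted[8] = {0xFF, 0xFF, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00};
    packet hp = {honest, sizeof honest};
    packet cp = {crafted, sizeof crafted};
    size_t n = 0;

    printf("honest:  vulnerable=%zu checked=%s\n", frame_size_vulnerable(&hp),
           frame_size_checked(&hp, &n) ? "accepted" : "rejected");
    /* The vulnerable parser accepts the crafted frame as 5 bytes; the checked one rejects it. */
    printf("crafted: vulnerable=%zu checked=%s\n", frame_size_vulnerable(&cp),
           frame_size_checked(&cp, &n) ? "accepted" : "rejected");
    return 0;
}
```

The defensive rule the second function follows is the general one: never compute a size in a type narrower than the sum of its inputs, and bound every derived length by the number of bytes actually received rather than by what the packet claims. Whether the wrapped value then leads to an over-read (information disclosure, as in CVE-2019-5040) or to a failed allocation and crash (denial of service, as in CVE-2019-5037) depends only on what the caller does with it.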

This is not the first time that researchers have uncovered security issues in Google's Nest camera systems.

Earlier this year, a hacker reportedly cracked into Nest security cameras and demanded users subscribe to PewDiePie's YouTube channel. The hacker claimed that he had used a credential stuffing technique to crack Nest surveillance camera passwords.

Last year, Nest warned a customer of a password breach and urged him to change it and deploy two-factor authentication.