Recently, the tech review site Wirecutter reported that some older Nest cams allowed their former owners to access camera feeds, even after the devices had been reset to factory settings.
This is an interesting case because in this instance, the bug wasn’t found by a group of savvy researchers, but by a Facebook group for Wink smart hub owners. By pure happenstance and experimentation, the group discovered that feeds from formerly owned cameras could still be accessed via the Wink hub, even in cases where those devices had been reset to factory defaults. This naturally created a buzz, which was picked up by Wirecutter’s staff and then promptly forwarded onto Google.
For their part, Google responded quickly, issuing a security patch and pushing it to all Nest cameras connected to the web. Of course, that didn’t capture all the Nest cameras in existence. If you’ve been considering buying some (even from a respected seller like Amazon), the first thing you should do is to check the firmware version of the camera you get and update to the latest if it’s not already installed.
Google is better than most of the companies selling smart devices, many of which don’t offer any sort of security at all. Even so, as this incident clearly highlights that even Google’s firmware isn’t perfect.
Given the recent explosion in smart devices in recent years, we can expect to see many more incidents and reports like these. While the Internet of Things holds great promise, it also carries grave risks that should not be underestimated or discounted. If you’ve embraced smart home culture, be careful.