Share

• Copy link
• Facebook
• X
• Reddit
• Email

Share this article

Join the conversation

Follow us

Add us as a preferred source on Google

Newsletter

Get the Tom's Guide Newsletter

Here at Tom’s Guide our expert editors are committed to bringing you the best news, reviews and guides to help you stay informed and ahead of the curve!

Become a Member in Seconds

Unlock instant access to exclusive member features.

Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors

---

By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

You are now subscribed

Your newsletter sign-up was successful

---

Want to add more newsletters?

Daily (Mon-Sun)

Tom's Guide Daily

Sign up to get the latest updates on all of your favorite content! From cutting-edge tech news and the hottest streaming buzz to unbeatable deals on the best products and in-depth reviews, we’ve got you covered.

Signup +

Weekly on Thursday

Tom's AI Guide

Be AI savvy with your weekly newsletter summing up all the biggest AI news you need to know. Plus, analysis from our AI editor and tips on how to use the latest AI tools!

Signup +

Weekly on Friday

Tom's iGuide

Unlock the vast world of Apple news straight to your inbox. With coverage on everything from exciting product launches to essential software updates, this is your go-to source for the latest updates on all the best Apple content.

Signup +

Weekly on Monday

Tom's Streaming Guide

Our weekly newsletter is expertly crafted to immerse you in the world of streaming. Stay updated on the latest releases and our top recommendations across your favorite streaming platforms.

Signup +

---

Join the club

Get full access to premium articles, exclusive features and a growing list of member rewards.

Explore

---

An account already exists for this email address, please log in.

Subscribe to our newsletter

The era of inexpensive home security cameras has arrived. Would-be thieves will take one look at your $150 webcam-based monitoring device and run away screaming, right? Not necessarily.

The Nest Cam, which currently comes in both indoor and outdoor varieties, is vulnerable to three different Bluetooth-based attacks that could render the camera useless for the duration of a burglary. (Don't call these attacks hacks — these are denial-of-service attacks that do not damage or change the Nest Cam's software.)

In a statement to Tom's Guide, Nest Labs said that it was "aware of this issue, [has] developed a fix for it and will roll it out to customers in the coming days." Unfortunately, there doesn't seem to be a way to turn off a Nest Cam's Bluetooth radio until then. You could just stay home for a while and stock up on heavy weaponry, to be safe.

MORE: Best Wireless Home Security Cameras

This information comes courtesy of Jason Doyle, a senior security engineer at VMware AirWatch, who posted his research — and the instructions for carrying out each attack — on the Github online code repository.

Back in October, Doyle found three separate but similar Bluetooth-based flaws in Nest Cams and their older Dropcam cousins and submitted the information to Nest Labs, owned by Google parent company Alphabet. After five months without a fix, Doyle took his findings public.

The first attack involves overflowing the entry field for a Wi-Fi SSID, or network name, after connecting to a Nest Cam via Bluetooth. If you  attempt to connect the Nest Cam to a phony Wi-Fi network and enter an arbitrarily long SSID, the camera will choke on the data, then crash and reboot.

Since Nest Cams transmit all data up to Nest servers via Wi-Fi and internet, rather than saving it on local storage, this would give burglars a short window in which to accomplish mischief. (And, of course, the burglars could repeat the attack as often as they like.)

Doyle's second attack uses a similar overflow tactic as the first. This time, instead of overflowing the SSID field, attackers can attempt to set a new password for the camera via the Bluetooth connection. If the password is sufficiently long, the camera will again crash and reboot, giving the burglars the short window mentioned above.

The third trick is the simplest of all. After connecting to a Nest Cam with Bluetooth, an attacker can simply instruct it to join a different Wi-Fi network. Whether or not the camera is successful in joining the new network, it will disconnect from its current Wi-Fi network and cease to transmit data for the 60 to 90 seconds it takes to attempt a new connection.

The flaws may not sound serious, since an attacker would need to be within Bluetooth range of the camera. However, while this would pose a problem for remote attackers, burglars are, by definition, not remote.

If a pair of thieves knew for sure that a house had a Nest Cam Indoor, Nest Cam Outdoor, Dropcam or Dropcam Pro, it would be fairly simple for one ne'er-do-well to hide just out of sight, continually knocking the camera out of service with his or her Bluetooth-enabled smartphone, while the other entered the house and made off with the loot.

Unlike some other security cameras, Nest Cams do not disable Bluetooth after their initial setups. Nest Labs claims that this continued connectivity is in order to make use of secondary features such as App Silence and Safety Checkup, although these features are arguably not important enough to leave the camera open to such trivial exploits.

Now that Doyle has gone public, Nest Labs is rushing out a fix. In the meantime, there's not much you can do aside from disconnecting your Nest camera — which would admittedly create the exact same situation as the one that burglars would want to exploit. At least there’s no evidence that anyone’s used the trick ... yet.

• 15 Best Mobile Privacy and Security Apps
• Best Antivirus Software and Apps
• Top Picks for Smart Home Gadgets