Google’s OpenWeave and Nest Cameras Vulnerable to Takeover Attacks
- Talos researchers discovered eight flaws that plague Nest IQ Indoor and the weaver binary.
- The attacks are not entirely easy or simple to carry out with success, but they are still possible.
- Users are urged to apply the latest patch that fixed all eight of the reported security flaws.
Cisco Talos researchers Lilith Wyatt and Claudio Bozzato have discovered multiple security flaws in the Nest Cam IQ Indoor camera and the associated OpenWeave network protocol. The vulnerabilities allow information exfiltration, DoS attacks, camera pairing brute-forcing, arbitrary code execution, and more. Talos has already reported the details of the flaws to Nest, a subsidiary of Google, and a fixing patch that addresses the security vulnerabilities is already available for the owners of Nest devices. All Nest Labs IQ Indoor cameras that run on version 4620002 or earlier are vulnerable to the aforementioned attacks.
Out of a total number of eight flaws that were discovered and fixed, two are categorized higher on the CVSSv3 score that was assigned by the Talos researchers, and these are the CVE-2019-5035 and CVE-2019-5040. The first allows an attacker to brute force a pairing code by using a specially crafted set of weave packets, enabling the hacker to gain access to Weave and take full control of the Nest camera. The second flaw can be exploited with a specially crafted weave packet again, causing an integer overflow condition which leads to a data reuse scenario in PacketBuffer. This data reuse is practically an information disclosure problem.
image source: talosintelligence.com
As the report points out, most of the vulnerabilities lie in the weave binary of the camera, while some also apply to the weave-tool binary. Normally, the exploited commands are never directly executed by the camera, and an attacker would require a local attack vector to carry out a successful takeover. Moreover, the brute-forcing of the pairing code could take many days and even weeks to conclude, but if carried out, the same pairing code can be used again in the future as it won’t change even after rebooting the device.
Google Nest is building various smart home products including smoke detectors, alarm systems, smart locks, smart doorbells, and thermostats, while the Nest Cam IQ Indoor is one of the most expensive and advanced products in the Nest line. It integrates Google Assistant, is capable of facial recognition, and can serve as a 6LoWPAN hub for other devices. That said, it is central to many different types of Nest network implementations, and it is used by many people as an indoor safety surveillance system component. If you are one of them, make sure to update your device to the latest available firmware version as soon as possible.
Are you operating a Nest security network? Let us know what you think about the news above in the comments section below, or on our socials, on Facebook and Twitter.