Google admits bug could let people spy on Nest cameras

On Thursday, Google confirmed that a bug in its Nest security cameras could have allowed users to be spied on, Wirecutter reports.

The issue was first raised by a user on Facebook who recently sold his Nest Cam Indoor yet was still able to access its feed. The problem involves Wink, an app that lets people manage multiple smart devices regardless of their developer. The Facebook user noted that despite carrying out a factory reset on his Nest camera before selling it, his Wink account remained connected to the device, allowing him to view snapshots of the buyer’s live feed.

Wirecutter tested the vulnerability on its own Nest Cam by linking it to a Wink account and then performing a factory reset. The publication also found it was receiving “a series of still images snapped every several seconds” via its Wink account.

“In simpler terms: If you buy and set up a used Nest indoor camera that has been paired with a Wink hub, the previous owner may have unfettered access to images from that camera,” Wirecutter says. “And we currently don’t know of any cure for this problem.”

Google responded to the incident after Wirecutter’s story broke Wednesday and announced it had fixed the problem. The tech company says a factory reset should now unlink any Wink account from its cameras.

“We were recently made aware of an issue affecting some Nest cameras connected to third-party partner services via Works with Nest,” a spokesperson told Wirecutter. “We’ve since rolled out a fix for this issue that will update automatically, so if you own a Nest camera, there’s no need to take any action.”

Although the issue was quickly fixed, it’s unknown how long the bug was active and whether it was actively exploited.

READ MORE:

Got five minutes? We’d love to hear from you. Help shape our journalism and be entered to win an Amazon gift card by filling out our 2019 reader survey.

H/T Wirecutter

Mikael Thalen

Mikael Thalen

Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.