Vulnerabilities found in Google's Indoor Nest camera: Report

For story suggestions or custom animation requests, contact [email protected] Visit http://archive.nextanimationstudio.com to view News Direct's complete archive of 3D news animations.

RESTRICTIONS: Broadcast: NO USE JAPAN, NO USE TAIWAN Digital: NO USE JAPAN, NO USE TAIWAN
A new report by Cisco Talos, a cyber security intelligence and research group, has found eight different vulnerabilities in Google's Indoor Nest cameras.

One of the bugs, called CVE-2019-5043, allowed multiple connection attempts to the camera's TCP, or Transmission Control Protocol, which would cause the camera's system to crash. While another bug allowed attackers to acquire and read sensitive information from the cameras.

Two code security vulnerabilities, named CVE-2019-5038 and CVE-2019-5039, allowed attackers to exploit the camera's security system by luring users to open a malicious command on Google's open source network Weave, which is used by Google's Indoor Nest cameras.

The researchers also found a bug in which attackers could potentially gain control over the security camera devices.

In a statement to ZDNet, a spokesperson from Google said that they have fixed all the bugs and are in the process of updating all the Nest Camera IQs. The company added that the devices will automatically update so that users don't have to update it themselves.

RUNDOWN SHOWS:
1. Google's security camera being hacked
2. Information being sent from the camera to a laptop
3. A malicious command
4. Attacker controlling the security camera

VOICEOVER (in English):
"A new report by Cisco Talos, a cyber security intelligence and research group, has found eight different vulnerabilities in Google's Indoor Nest cameras."

"One of the bugs, called CVE-2019-5043, allowed multiple connection attempts to the camera's TCP, or Transmission Control Protocol, which would cause the camera's system to crash."

"Another bug allowed attackers to acquire and read sensitive information from the cameras."

"Two code security vulnerabilities, named CVE-2019-5038 and CVE-2019-5039, allowed attackers to exploit the camera's security system by luring users to open a malicious command on Google's open source network Weave, which is used by Google's Indoor Nest cameras."

"The researchers also found a bug in which attackers could potentially gain control over the security camera devices."

SOURCES: Cisco Talos, ZDNet
https://blog.talosintelligence.com/2019/08/vuln-spotlight-nest-camera-openweave-aug-2019.html
https://www.zdnet.com/article/vulnerabilities-in-google-nest-cam-iq-can-be-used-to-hijack-your-camera/