
Google has pushed an update to Nest cams today that will prevent former cam owners from tapping into old camera feeds and spying on the devices' new buyers.
The company reacted after tech reviews site Wirecutter reported yesterday that some Nest cams still allowed old owners to access feeds of image stills from old cams even after resetting the device to factory settings and selling it to a new user.
Affected products included Nest Cam Indoor connected to Wink smart home hubs via the "Works with Nest" protocol.
Issue found by a Facebook group
The issue first came to light in a Facebook group for Wink smart hub owners. The group's users found that after resetting their Nest cams to factory settings, they could still view a live feed of image stills via the Wink hub.
In some instances the cameras were still in the users' possession, but some users reported seeing feeds from other people's houses, supposedly those of the cameras' new owners.
Wirecutter's staff confirmed the Facebook group's original findings before publishing a report yesterday. They also tested and confirmed the Google Nest update today.
Update! This should be resolved now — give us a shout if you have any other questions, we're just a tweet away.
— Google Nest (@googlenest) June 20, 2019
Nest cam owners who recently bought their devices from Amazon or other places should look into updating their Nest indoor cams to today's firmware.
Events like these -- where former Nest cam owners can still access their old devices -- usually happen when the device is sold without being reset to factory settings.
Good advice for any user who has recently purchased a second-hand IoT device is to reset it to factory settings before re-configuring for their home network.