Google pushes Nest cam update to prevent former owners spying on new buyers

Former Nest cam owners could have accessed old devices despite cameras being reset to factory settings.
Written by Catalin Cimpanu, Contributor

Google has pushed an update to Nest cams today that will prevent former cam owners from tapping into old camera feeds and spy on the devices' new buyers.

The company reacted after tech reviews site Wirecutter reported yesterday that some Nest cams still allowed old owners to access feeds of image stills from old cams even after resetting the device to factory settings and selling it to a new user.

Affected products included Nest Cam Indoor connected to Wink smart home hubs via the "Works with Nest" protocol.

Issue found by a Facebook group

The issue first came to light in a Facebook group for Wink smart hub owners. The group's users found that after resetting their Nest cams to factory settings, they could still view a live feed of image stills via the Wink hub.

While in some instances the cameras were still in their possession, some users reported seeing feeds from other people's houses, supposedly the camera's new owner.

Wirecutter's staff confirmed the Facebook group's original findings before publishing a report yesterday. They also tested and confirmed the Google Nest update today.

Nest cam owners who recently bought their devices from Amazon or other places should look into updating their Nest indoor cams to today's firmware.

Events like these -- where former Nest cam owners can still access their old devices -- usually happen when the device is sold without being reset to factory settings.

Good advice for any user who has recently purchased a second-hand IoT device is to reset it to factory settings before re-configuring for their home network.

HackerOne's top 20 public bug bounty programs

More vulnerability reports:

Editorial standards