A recent discovery has found that NEST CCTV cameras can be wirelessly hacked to crash and stop recording footage via bluetooth making them and the houses they protect perfect targets for criminals. Cesare Garlati, Chief Security Strategist at prpl Foundation commented below.
Cesare Garlati, Chief Security Strategist at prpl Foundation:
“This is yet another case where security by separation at the hardware layer of the device would keep malicious actors from configuring the cameras for their own gain. Without it, lateral movement inside the device is possible because there is no trust established within the device to distinguish which elements have the trusted ability to control critical functions, like turning the device off – it is essentially a free for all if you know where to look. And clearly these guys do. This is a major problem plaguing IoT and should be a wake- up call to device manufacturers to take the security of hardware in connected devices more seriously. In fact, hardware is the key to making security more robust in connected devices. It also further confirms that security through obscurity just doesn’t work anymore and it’s time for a more proactive approach to securing embedded devices including using open source, security through separation with hardware virtualisation and a root of trust established at the hardware level.”