Used Google Nest cameras connected to the Wink hub are spying on users [u]

Posted:
in General Discussion edited June 20
Second-hand Google Nest Cam Indoor models can send images of your home to the Wink hub of the camera's previous owner, but Google has announced a fix.

The Google Nest Indoor Cam (Photo: Google)
The Google Nest Indoor Cam (Photo: Google)


If you've ever wondered who buys your secondhand gear on eBay, sell them your Google Nest Cam Indoor and find out. Even if you follow Nest's instructions on how to reset the camera and remove it from your account and Wink hub, you may get images sent from the camera in its new home.

"We were recently made aware of an issue affecting some Nest cameras connected to third-party partner services via Works with Nest," a Google spokesperson told AppleInsider. "We've since rolled out a fix for this issue that will update automatically, so if you own a Nest camera, there's no need to take any action."

According to The Wirecutter, the problem concerns using the Nest camera with a Wink hub and account.
A member of the Facebook Wink Users Group discovered that after selling his Nest cam, he was still able to access images from his old camera-- except it wasn't a feed of his property. Instead, he was tapping into the feed of the new owner, via his Wink account. As the original owner, he had connected the Nest Cam to his Wink smart-home hub, and somehow, even after he reset it, the connection continued.
The Wirecutter independently confirmed the issue, though rather than a video stream, they got a series of still images.

Wink is a smarthome hub that's been on sale for many years and used for a range of devices from cameras to air conditioning.

This discovery comes shortly after Google announced the end of its "Works with Nest" progam specifically to improve security and customer privacy.

"Our goal is simple: earn and keep your trust by clearly explaining how our products work and how we'll uphold our commitment to respect your privacy," wrote Rishi Chandra, vice president of product at Nest, in a blog post.

Update June 20, 8:57 A.M. Eastern time: Google has told AppleInsider that it is rolling out a fix.
«1

Comments

  • Reply 1 of 25
    People were freaking out about the Group FaceTime bug and it was plastered all over the news. Let’s see what the reaction to this is, which seems like it could be much worse and more privacy invading. 
    jahbladelkrupplostkiwiStrangeDaysLordeHawkchasmwatto_cobrajony0
  • Reply 2 of 25
    TomETomE Posts: 144member
    Made in China ?

    watto_cobra
  • Reply 3 of 25
    tulkastulkas Posts: 3,754member
    People were freaking out about the Group FaceTime bug and it was plastered all over the news. Let’s see what the reaction to this is, which seems like it could be much worse and more privacy invading. 
    This is way worse in that you have no idea strangers are watching you while with the FaceTime bug at least your phone rang. Also, with the FT bug, even if someone did use it, chances are very slim that your phone would be positioned to be watching you are anything of interest, with chances being high that if you weren't actively using the phone (and therefore aware FT was running) then it would be in your pocket or purse or sitting on a desk viewing the ceiling or desktop. On the other hand, the cameras would be intentionally focusing on a view of you and your home.

    This won't make news. Every single google product and service is designed as spyware and to put users under surveillance. People have either accepted that they are always being spied on with google or their cognitive dissonance doesn't allow them to acknowledge it. Either way, it becomes a non story.
    jahbladetmayjbdragonlostkiwirazorpitchasmwatto_cobra
  • Reply 5 of 25
    tulkastulkas Posts: 3,754member
    TomE said:
    Made in China ?

    But designed in Mountain View. Hence the spying.
    GeorgeBMacAppleExposedStrangeDayslolliverwatto_cobra
  • Reply 6 of 25
    gatorguygatorguy Posts: 20,929member
    This reportedly only affected a used Nest Cam that had been paired with a 3rd party Wink Hub (?), sending still images snapped every few seconds (Wink Hubs don't allow for streaming Nest footage to begin with). Surprisingly Google rolled out a fix within a few hours of being made aware of it. 

    "Google has updated Nest Cam software to prevent an issue whereby footage from a previously linked camera could still be viewed - even when the camera itself was removed from a Nest account.

    "We were recently made aware of an issue affecting some Nest cameras connected to third-party partner services via Works with Nest," a Google spokesperson told The Ambient.

    "We've since rolled out a fix for this issue that will update automatically, so if you own a Nest camera, there’s no need to take any action.”

    Despite "Works with Nest" partners vociferously complaining about Google's announced intent to cut off 3rd parties from having any control over Google devices beginning this August prompting Google to slow down the migration away I hope now they go back to their original plan and sooner rather than later. It might be an inconvenience to some folks with certain routines running thru 3rd parties but definitely leads to a more secure home system which is the reason Google said they were doing so. This is proof of that. 

    edited June 20 muthuk_vanalingam
  • Reply 7 of 25
    IoT === Idiots or Twits

    use this stuff. Sorry if that offends some people but you really don't know where your device is 'phoning home' to. Sorry, it isn't your device even if you have paid hard earned money for it. All you have is a license to use something. If the parent company goes TITSUP or just decides to make your device obsolete it becomes just another item of electronic junk.

    None of this [redacted] will ever come into my home. I might be a luddite to some but at least I'm not being spied upon 24/7.
    DAalseth
  • Reply 8 of 25
    MacProMacPro Posts: 18,359member
    gatorguy said:
    This reportedly only affected a used Nest Cam that had been paired with a 3rd party Wink Hub (?), sending still images snapped every few seconds (Wink Hubs don't allow for streaming Nest footage to begin with). Surprisingly Google rolled out a fix within a few hours of being made aware of it. 

    "Google has updated Nest Cam software to prevent an issue whereby footage from a previously linked camera could still be viewed - even when the camera itself was removed from a Nest account.

    "We were recently made aware of an issue affecting some Nest cameras connected to third-party partner services via Works with Nest," a Google spokesperson told The Ambient.

    "We've since rolled out a fix for this issue that will update automatically, so if you own a Nest camera, there’s no need to take any action.”

    Thanks for the update Google.
    SolicornchiplostkiwiRayz2016lolliverwatto_cobra
  • Reply 9 of 25
    GeorgeBMacGeorgeBMac Posts: 4,961member
    This is a good example of why I will not consider ANY smart home product that uses a non-Apple hub.   The hubs are designed to capture and funnel information.  From there, you have to rely on the manufacturer not to misuse that information (including, in this case, negligence).   And, there is only one manufacturer that I trust.
    tomkarljahbladeGG1darren mccoylostkiwiDAalsethlolliverwatto_cobra
  • Reply 10 of 25
    gatorguygatorguy Posts: 20,929member
    This is a good example of why I will not consider ANY smart home product that uses a non-Apple hub.   The hubs are designed to capture and funnel information.  From there, you have to rely on the manufacturer not to misuse that information (including, in this case, negligence).   And, there is only one manufacturer that I trust.
    Agreed. They are far too many smart-home device makers who require their own hub for compatibility. That opens too many possible entry-point flaws and in my opinion a horrid idea. Google should go back to the plan of cutting out all 3rd party control access and require working only via Google controlled systems directly. So should Apple who I think only recently changed their program to allow for 3rd party hubs, or have they always done so? Amazon too. 
    GeorgeBMac
  • Reply 11 of 25
    davgregdavgreg Posts: 431member
    I will not buy anything tied to the Google ecosystem as they just have no credibility on the issue.  

    Remember when they were ramping up Google Street View and the cars were scarfing up the open WiFi data tied to GPS location all over the US and elsewhere? I remember Steve Jobs wryly commenting on how it was accidental at the All Things D conference with Uncle Walt and Kara Swisher.

    How many times have they been outed for browsers and plug ins that phone home all the time, that disregard do not track requests and who knows what else?

    If you wish to trust them, feel free. I am not going to.
    edited June 20 AppleExposedlostkiwilolliver
  • Reply 12 of 25
    GeorgeBMacGeorgeBMac Posts: 4,961member
    jimh2 said:
    TomE said:
    Made in China ?

    LOL... Keep the anti-China propaganda slurs coming.   Trump needs it.  It's all he has.  
    You are kidding right? China has been crapping on us with no remorse. We finally have someone who says enough is enough and you want the status quo. You do realize they in effect "own" us with the trade deficit we are running and they continue to steal our intellectual property. At what point would you say stop.
    Sorry, I forgot to watch Faux this morning.   Thanks for letting me know.
  • Reply 13 of 25
    jbdragonjbdragon Posts: 2,154member
    IoT === Idiots or Twits

    use this stuff. Sorry if that offends some people but you really don't know where your device is 'phoning home' to. Sorry, it isn't your device even if you have paid hard earned money for it. All you have is a license to use something. If the parent company goes TITSUP or just decides to make your device obsolete it becomes just another item of electronic junk.

    None of this [redacted] will ever come into my home. I might be a luddite to some but at least I'm not being spied upon 24/7.
    I won't use IoT devices. I am a Homekit house. Everything using Homekit is all Encrypted. It's much more secure. There are a few IoT devices out there that are quite secure like the RING Doorbell. That's because a lot of work is done to keep it secure. Besides it's a outside camera looking outwards, so if anyone saw those pictures would it really matter? I have 5MP PoE cameras mounted around my house outside. Connected to a NVR. (Network Video Recorder) Like most things, it's all made in China. Do I know only I can see what is being seen? Who knows? I don't have cameras inside my house. I haven't taken that step and really have no plans to. When installing a camera setup for a friends house and they had 1 extra camera, they wanted to use it inside and so it's pointed down from the second story wall down into the Living room and right at the front door. It's a pretty boring view.

    Can you really trust any of this stuff, no! So in the just in case category, don't put a camera in the bedroom. I wouldn't put a Google or Amazon Box in the bedroom either. You could buy a new TV that has a Mic in it and never know!!!
    edited June 20 watto_cobra
  • Reply 14 of 25
    mknelsonmknelson Posts: 362member
    "Candid Photography"


  • Reply 15 of 25
    jbdragon said:
    There are a few IoT devices out there that are quite secure like the RING Doorbell.
    Does the Ring thing phone home or need an external network connection of any kind? What happens if RING goes bust? Will your door refuse to open? etc etc etc

    Sorry but not even Homekit is coming into my home.
    Call me a luddite if you wish but I'm one of those people who really cares about their privacy.
  • Reply 16 of 25
    jungmarkjungmark Posts: 6,709member
    It’s a feature. It’s to let you know your old device is in good hands. :)
    lolliverwatto_cobra
  • Reply 17 of 25
    AppleExposedAppleExposed Posts: 1,404unconfirmed, member
    IoT === Idiots or Twits

    use this stuff. Sorry if that offends some people but you really don't know where your device is 'phoning home' to. Sorry, it isn't your device even if you have paid hard earned money for it. All you have is a license to use something. If the parent company goes TITSUP or just decides to make your device obsolete it becomes just another item of electronic junk.

    None of this [redacted] will ever come into my home. I might be a luddite to some but at least I'm not being spied upon 24/7.
    Doesn't apply to Apple.
    StrangeDayslolliver
  • Reply 18 of 25
    StrangeDaysStrangeDays Posts: 8,306member
    IoT === Idiots or Twits

    use this stuff. Sorry if that offends some people but you really don't know where your device is 'phoning home' to. Sorry, it isn't your device even if you have paid hard earned money for it. All you have is a license to use something. If the parent company goes TITSUP or just decides to make your device obsolete it becomes just another item of electronic junk.

    None of this [redacted] will ever come into my home. I might be a luddite to some but at least I'm not being spied upon 24/7.
    Your position isn’t offensive, it’s just dense. IoT is fine with appropriate security and privacy measures. HomeKit devices sport such things. Stuff by the advertising company seem to drop the ball, over and over. 

    Just choose wisely. If you trust Apple with the mic and camera in your devices, you’ll be fine. 
    AppleExposedlolliverwatto_cobra
  • Reply 19 of 25
    StrangeDaysStrangeDays Posts: 8,306member

    jbdragon said:
    IoT === Idiots or Twits

    use this stuff. Sorry if that offends some people but you really don't know where your device is 'phoning home' to. Sorry, it isn't your device even if you have paid hard earned money for it. All you have is a license to use something. If the parent company goes TITSUP or just decides to make your device obsolete it becomes just another item of electronic junk.

    None of this [redacted] will ever come into my home. I might be a luddite to some but at least I'm not being spied upon 24/7.
    I won't use IoT devices. I am a Homekit house.
    HK devices are among those in the IoT. 
    AppleExposedlolliver
  • Reply 20 of 25
    StrangeDaysStrangeDays Posts: 8,306member
    Designing for privacy just isn’t in Google’s DNA. They’re an advertising company.
    AppleExposedlolliverMacProwatto_cobra
Sign In or Register to comment.