Update: Google told The Verge that it has now fixed the problem.
We were recently made aware of an issue affecting some Nest cameras connected to third-party partner services via Works with Nest. We’ve since rolled out a fix for this issue that will update automatically, so if you own a Nest camera, there’s no need to take any action.
Used Nest cams allow the original owner to spy on whoever buys them. The problem was discovered by a former owner of the popular Nest Cam Indoor.
Worryingly, the behavior survives the official reset procedure, and right now there appears to be no fix available for it …
Wirecutter reports that it applies to cameras that were connected to a Wink smart-home hub by the original owner.
A member of the Facebook Wink Users Group discovered that after selling his Nest cam, he was still able to access images from his old camera—except it wasn’t a feed of his property. Instead, he was tapping into the feed of the new owner, via his Wink account. As the original owner, he had connected the Nest Cam to his Wink smart-home hub, and somehow, even after he reset it, the connection continued.
We decided to test this ourselves and found that, as it happened for the person on Facebook, images from our decommissioned Nest Cam Indoor were still viewable via a previously linked Wink hub account—although instead of a video stream, it was a series of still images snapped every several seconds.
The issue may be due to the fact that the Nest Cam Indoor, Outdoor and Dropcam products don’t have a hardware factory reset option. Instead, the official reset process is to remove the camera from your account, at which point it should no longer permit access to the original owner. However, the Wink account retains access.
We then created a new Nest account on a new (Android) device that had a new data connection. We followed the steps for adding the Nest Cam Indoor to that new Nest account, and we were able to view a live stream successfully through the Nest mobile app. However, going back to our Wink app, we were also able to view a stream of still images from the Nest cam, despite its being associated with a new Nest account.
In simpler terms: If you buy and set up a used Nest indoor camera that has been paired with a Wink hub, the previous owner may have unfettered access to images from that camera. And we currently don’t know of any cure for this problem.
Those buying used cameras would have no way to know whether or not the original owner ever connected it to a Wink account.
The issue isn’t great timing for Google, coming in the same week that the company rebranded both Nest.com and the help center for the cameras, some five years after the search giant acquired the company.
Nest had not responded to Wirecutter’s request for comment at the time of writing. We can only echo the advice to refrain from buying used Nest cams, and unplug any you already own.
FTC: We use income earning auto affiliate links. More.