Naked Security Naked Security

News in brief: bid to upgrade Pluto; Nest cameras vulnerable to attack; Google rolls out location sharing

Your daily round-up of some of the other stories in the news

Your daily round-up of some of the other stories in the news

Pluto could be upgraded to planet status

Still upset about Pluto being downgraded from a planet in 2006? Eight planets not enough for one solar system? If so, you’ll be delighted with the news that a paper to be presented at the annual Lunar and Planetary Science conference in Houston by Kirby Runyon of Johns Hopkins University will not only argue for the reclassifying of Pluto (pictured) as a planet, but also propose promoting more than 100 other solar system objects to planet status.

Runyon argues that Pluto “has everything going on on its surface that you associate with a planet … there’s nothing non-planet about it”. The proposed new definition of a planet says it’s a “sub-stellar mass body that has never undergone nuclear fusion” that has enough gravitational heft to to maintain a roughly round shape.

Meanwhile, space science got a boost on Wednesday as US President Donald Trump authorised funding for a crewed mission to Mars, adding such a mission as a key objective for NASA. The US space agency has been allocated more than $19bn for the fiscal year that starts in October, down slightly from the current year, but, said NASA, the agency was grateful “to a bipartisan Congress for its thoughtful consideration of the agency’s path forward”.

Nest cameras vulnerable to Bluetooth attack

We’ve written many times about vulnerabilities in connected security cameras, but the latest security holes, discovered by security researcher Jason Doyle, in Google’s Nest Cam, Dropcam and Dropcam Pro, could be exploited by a burglar close to your house – within Bluetooth range – rather than being compromised remotely.

Doyle has published details of the vulnerabilities on Github, but the short version is that two rely on sending what Engadget describes as excessively long WiFi data via Bluetooth to trigger a memory overflow that makes the camera crash and then reboot. The third tricks the camera by making it temporarily disconnect and look to connect to another network.

What this means is that the camera’s recording to the cloud will be temporarily disabled – giving the tech-savvy burglar time to go about their nefarious business. Doyle told the Register that the flaw hasn’t been patched, and points out that because you can’t turn off Bluetooth, you can’t protect yourself against it until the firmware is updated.

“There doesn’t seem to be any reason why [Nest] leaves Bluetooth on after setup unless they need it for future or current integrations,” said Doyle. “Some cameras like the Logitech Circle turn Bluetooth off after setting up WiFi.”

Google to roll out selective location sharing from Maps

Google Maps will shortly be rolling out a feature that allows users to temporarily share their location with their contacts – and the search giant promptly ran into trouble, with some pointing out that it’s a feature that could potentially be abused by stalkers and worse.

When it rolls out, you’ll be able to fire up Google Maps on your phone, tap the blue dot marking where you are, and then tap “share location”, choosing how long to share it and who to share it with.

While the user has control over it, concerns were raised that it could fuel suspicion in abusive partners if someone refused to share their locations. However, on the day when four people died as the heart of London came under attack and Facebook activated its “safety check” feature for Londoners, others welcomed the feature.

Catch up with all of today’s stories on Naked Security