Even though the issue is now fixed, this was a pretty big blunder on Google's part. So, what happened? One of the members of the Wink Users Group on Facebook found that after he sold his Nest camera, he was still able to access images from it, through his Wink account. This was not by means of malicious intent, but something he stumbled upon.
When he owned the camera, he linked it to his Wink smart home hub. Even though the camera was reset, it still allowed him to see images from the new owner's residence. The folks at Wirecutter tested the bug on their own hardware and successfully reproduced the creepy vulnerability, even after a full factory reset. They were not only able to access a series of still images from the Wink app, but also a live stream through the Nest mobile app. That's disturbing, to say the least.
In short, anyone who purchased a used Nest Indoor Camera that had been previously paired with a Wink hub was susceptible to this vulnerability. That's the bad news. The good news is, Google has started pushing out a fix to address the exploit.
"We were recently made aware of an issue affecting some Nest cameras connected to third-party partner services via Works with Nest. We've since rolled out a fix for this issue that will update automatically, so if you own a Nest camera, there’s no need to take any action," Google said in a statement.
Well, there actually is some action Nest owners should take, and that is to verify that their cameras have in fact been updated. It's not possible to update a Nest camera manually—updates are pushed out automatically as long as the camera is connected to Wi-Fi and the Internet. However, they don't always arrive at the same time.
We'd like to think that Google is prioritizing this particular update and rushing it out to all Nest owners right away, but only Google knows if that is the case. You can hit that link to to the support document to look up the latest update version number for your particular Nest device, and then verify that it's installed by checking the accompanying mobile app on your smartphone or tablet.