The fear could have been real. The hack Not so much. But the fact that a family feared for five minutes that North Korea was firing ballistic intercontinental ballistic missiles in the United States is definitely a teachable moment for all of us.
The Mercury News
19659004] tells the story of Laura Lyons, a mother in Orinda, California whose surveillance camera Nest gave her family what she called "five minutes of pure terror" When she suddenly heard a legitimate sounding emergency warning in Los Angeles, Chicago and Ohio, she only had hours to be evacuated before being hit by nuclear weapons.
It turned out that the warning came from their Nest Cam ̵
But unlike the headlines you read on the Internet, the camera itself was not hacked The safety of Nest was not violated. This is not the story of a crafty thief breaking into the badly protected device of a human being.
A spokesman for Google confirmed The Verge that what the Mercury News proposed is correct: in these cases, the user's credentials were already compromised:
This Recent reports are based on customers who use compromised passwords (which are revealed by violations on other websites). In almost all cases, verification by two factors eliminates this type of security risk.
This is the story of someone using the same password more than once both for Nest and another, disjointed site that was violated. From this point on the camera does not need to be hacked anymore. Until Lyons changes the password, anyone can use the challenged credentials to log in to the regular Nest app. No hacking tools required.
This is certainly a scary thing for the owners with whom it happened, but this is not a story about smart home hacking, it's a story about password hygiene and not using the same passwords for everything. https://t.co/dGK2VJuc2G[19459003-DanSeifert(@dcseifert) January 22, 2019
It's not even as if the alleged "hacker" would have to do something special to cause an audio scare Send: Like Most of these cams have a built-in feature (in this case "Talk and Listen") that lets you talk to someone in front of the camera over the Internet.
And there is a fairly simple start to password protection protection that Nest has been offering since March 2017: two-factor authentication.
Two-factor authentication (2FA) is not perfect. Especially the kind that relies on text messages. I recommend an authentication app and possibly even a security key, depending on what you do. However, 2FA is remarkably easy to set up and use, is offered by virtually every major Internet service, and is generally child's play, considering how many password violations we see today and how many people tend to reuse weak passwords.
You can also try a password manager.
Anyone with a Nest device, PLEASE:
1) Log in to https://t.co/3WHnKRRVV[19459031an2)Clickontheiconinthetoprightcornerofthescreen
3) Click on "Account Security"
4) Click the button next to "2-step verification" to EIN
. 5) Enter your phone number. https://t.co/YpoD7rnoAJ[19459003-MattLinton⚕️⚒️(@0xMatt) January 22, 2019
Google says it is also looking for additional protection for Nest. "We're actively introducing features that deny comprehensive passwords, allow customers to monitor access to their accounts, and track external entities that abuse credentials," reads part of a statement.
The only place that could well blame Google is that it does not tell Nest users that there's this kind of nightmare fuel – that they, too, might find a stranger screaming from the Internet, now, since this has happened several times.
But the company also took some action last month by proactively resetting the passwords that appeared to have been violated, which prevents vulnerable passwords from being used, according to a statement sent by the company on December 19th , customers were again asked to use 2FA.
Should Nest have made every effort to announce that its cameras could be used for nuclear anxiety when Nest's cameras are not particularly vulnerable to cameras from other manufacturers? That seems to me a distance.