قالب وردپرس درنا توس
Home / Business / No, Nest Cams are not hacked to make fake atomic bombing

No, Nest Cams are not hacked to make fake atomic bombing



The fear could have been real. The hack Not so much. But the fact that a family feared for five minutes that North Korea was firing ballistic intercontinental ballistic missiles in the United States is definitely a teachable moment for all of us.

The Mercury News

19659004] tells the story of Laura Lyons, a mother in Orinda, California whose surveillance camera Nest gave her family what she called "five minutes of pure terror" When she suddenly heard a legitimate sounding emergency warning in Los Angeles, Chicago and Ohio, she only had hours to be evacuated before being hit by nuclear weapons.

It turned out that the warning came from their Nest Cam ̵

1; and it was reported that a Nest customer service supervisor suggested they might have been the victim of a hack. As the Mercury News and others point out, this is not the first time.

But unlike the headlines you read on the Internet, the camera itself was not hacked The safety of Nest was not violated. This is not the story of a crafty thief breaking into the badly protected device of a human being.

A spokesman for Google confirmed The Verge that what the Mercury News proposed is correct: in these cases, the user's credentials were already compromised:

This Recent reports are based on customers who use compromised passwords (which are revealed by violations on other websites). In almost all cases, verification by two factors eliminates this type of security risk.

This is the story of someone using the same password more than once both for Nest and another, disjointed site that was violated. From this point on the camera does not need to be hacked anymore. Until Lyons changes the password, anyone can use the challenged credentials to log in to the regular Nest app. No hacking tools required.

It's not even as if the alleged "hacker" would have to do something special to cause an audio scare Send: Like Most of these cams have a built-in feature (in this case "Talk and Listen") that lets you talk to someone in front of the camera over the Internet.

And there is a fairly simple start to password protection protection that Nest has been offering since March 2017: two-factor authentication.

Two-factor authentication (2FA) is not perfect. Especially the kind that relies on text messages. I recommend an authentication app and possibly even a security key, depending on what you do. However, 2FA is remarkably easy to set up and use, is offered by virtually every major Internet service, and is generally child's play, considering how many password violations we see today and how many people tend to reuse weak passwords.

You can also try a password manager.

Google says it is also looking for additional protection for Nest. "We're actively introducing features that deny comprehensive passwords, allow customers to monitor access to their accounts, and track external entities that abuse credentials," reads part of a statement.

The only place that could well blame Google is that it does not tell Nest users that there's this kind of nightmare fuel – that they, too, might find a stranger screaming from the Internet, now, since this has happened several times.

But the company also took some action last month by proactively resetting the passwords that appeared to have been violated, which prevents vulnerable passwords from being used, according to a statement sent by the company on December 19th , customers were again asked to use 2FA.

Should Nest have made every effort to announce that its cameras could be used for nuclear anxiety when Nest's cameras are not particularly vulnerable to cameras from other manufacturers? That seems to me a distance.


Source link