A California family recently had a major scare when their Nest Cam started yelling out a nuclear missile warning, warning the family that North Korea had launched ICBMs towards the United States. What was first assumed a terrifying hack, though, turns out to simply be a case of poor password management.
Nomad case for Pixel 3
First reported on by local Bay Area news publication Mercury News, a family in Orinda, California were given a terrifying experience when their Nest Cam started warning them of an incoming nuclear missile attack on the United States. In hindsight, it seems pretty obvious that this was a hoax given the fact that the TV still played as usual, but it still resulted in “five minutes of sheer terror” with the family.
Once the cause was discovered, the family contacted Nest support and were told by a supervisor that this could be the result of a hack on the camera. As Google confirms to The Verge, though, the camera itself wasn’t hacked and Nest’s security wasn’t breached. Rather, this, and other similar reports in recent weeks, are simply due to bad password management.
Apparently, affected users were using compromised passwords that were in use on other websites. After those passwords were exposed through a breach on other sites, they remained in use on a Nest account. Using those credentials, attackers simply logged into the Nest account and did whatever they wanted.
These recent reports are based on customers using compromised passwords (exposed through breaches on other websites). In nearly all cases, two-factor verification eliminates this type of the security risk.
Google adds that simply using two-factor authentication could have solved this problem. Even if the compromised password remained in use, the attacker still would have run into a roadblock from the two-factor system. Plus, it’s pretty easy to turn that security feature on. The company also mentions that it’s looking into adding additional protection including rejecting compromised passwords.
More on Nest:
- Nest competitor Ring reportedly gave employees full access to customers’ live camera feeds
- Source: Google working on a ‘Nest’ rebrand
- Now is the time to go all-in on a Google-powered smart home