If this doesn’t convince people of the importance of protecting Internet of Things devices, it’s unclear what will. These are still using data and can be hacked just like any other device. A California family had their Nest Cam security camera hacked, and it convinced them that the United States was under a missile attack from North Korea.
Laura Lyons reports that her Nest Cam was hacked after it told her family on Sunday that three North Korean missiles were headed to Los Angeles, Chicago, and Ohio. Before the warning, there was a loud alarm.
The message also said that the U.S. was retaliating for the nuclear attack and that the areas that were being hit had three hours to evacuate, according to the Orinda, California, woman. She checked news stations and didn’t learn anything more. Once she realized the message was originating from her Nest Cam, she called the company.
A representative of the company told Lyons she was the victim of a “third party hack.” The company believes this happened because of a stolen password.
“Nest was not breached,” said a spokeswoman on Tuesday. “These recent reports are based on customers using compromised passwords (exposed through breaches on other websites). In nearly all cases, two-factor verification eliminates this type of the security risk.
“We take security in the home extremely seriously, and we’re actively introducing features that will reject compromised passwords, allow customers to monitor access to their accounts, and track external entities that abuse credentials.”
This is only the most recent hack. Last month a hacker compromised the camera of an Arizona man and warned him of security vulnerabilities, and a hacker told a couple through their device he’d kidnap their child.
Security experts say that to prevent hackers from using stolen passwords to log into IoT devices, companies need to educate users on using better security.
While users can use a stronger password and employ two-factor authentication, these aren’t requirements. Betsy Cooper, founding director of the Aspen Policy Hub, believes IoT device manufacturers should turn on two-factor authentication by default and allow users to turn it off, instead of the other way around.
“Companies should shift the way that they think about those things,” she said, “so they’re not making stronger security so easy to avoid.”
What you can do
You can check to see if your password has been included in known data breaches using the Have I Been Pwned site. But even if you find out your password hasn’t been hacked, it doesn’t mean you can proceed without caution. Everyone just needs to realize their smart devices can be hacked just the same as any computer or mobile device.
Have you ever had a security camera or other IoT device hacked? Let us know your experiences and what you think of Lyons’ Nest Cam being hacked in the comments below.
Image Credit: Nest