While we’ve been warned that cameras and other Wi-Fi devices in our homes can be hacked, few imagined that something as scary as this could happen:
Laura Lyons, a resident of Orinda, Calif., near San Francisco, was in her kitchen this past Sunday cooking dinner. Suddenly, she heard the loud, vaguely familiar sound that usually accompanies the beginning of an emergency broadcast message, such as an Amber Alert. It was coming from her living room. Following this call to attention sound was a loud voice warning that three North Korean intercontinental ballistic missiles were headed to Los Angeles, Chicago, and Ohio
According to the article in the San Jose Mercury News, Lyons explained, “It warned that the United States had retaliated against Pyongyang and that people in the affected areas had three hours to evacuate. It sounded completely legit, and it was loud and got our attention right off the bat.”
“It was five minutes of sheer terror and another 30 minutes trying to figure out what was going on,” she said.
Lyon said that the detailed nuclear war message even claimed to be from “Civil Defense” and provided numerous details, including the fact that President Trump had been taken to a secure facility.
Lyons and her husband stood helpless and confused because, in spite of the alert, their television continued to air the NFC playoff championship football game. Their eight-year-old child was scared as well, and tried to hide under a rug.
Eventually, they realized that the warning had come from the Nest security camera that was perched atop their TV.
The couple called 911 and Nest, and eventually figured out that they were the victims of someone who had broken into their camera and was able to use its built-in speaker. They spoke to a Nest customer service representative who attributed the problem to a third-party hacker who was able to gain access to the camera and speakers.
Apparently, Nest has had numerous incidents along these lines affecting a number of their products. They’re not alone — incidents have been reported from other companies as well. One incident that was reported in December was a voice screaming over a baby monitor, threatening to kidnap the child.
But was it Nest’s fault?
According to a story just published on The Verge, the camera itself wasn’t hacked and no one broke through Nest’s security that is built into the camera. The problem was caused by someone signing into the user’s Nest account after Lyons’ password was compromised.
While Nest may not have been at fault, the scare was very bad. And it shows how each time we add a new connected device we increase our vulnerability.
What’s the solution? Strengthen the sign-in process using a two-factor option that requires a second confirmation on another device. Here’s a link from The Verge to help those with Nest devices change to two-factor authentication.