The recent stories of Nest cameras being hijacked are like something from a nightmare. Imagine if a strange voice suddenly boomed out in your home or began to shout slurs and obscenities at you. Detailed accounts of incidents just like this have surfaced in recent weeks, most of which sound like a morality tale about the dangers of weak cybersecurity more than anything that might actually happen.
The more concerning issue, however, isn’t the security lapses, but the company’s response to them. “We’re reaching out to assure you that Nest security has not been breached or compromised,” Nest said in an email sent to its customers. “For context, even though Nest was not breached, customers may be vulnerable because their email addresses and passwords are freely available on the internet.”
In today’s world, everyone should be security conscious. Strong passwords are the modern-day equivalent of locking your doors at night. But even with that in mind, a company’s first response to major breaches shouldn’t be to say, “You need better security.” If Nest customers use the same email and password combination for their Nest account that they do for their email and other websites, any data breach could create vulnerabilities in any of their accounts.
Nest supposedly takes actions to prevent these kinds of breaches from affecting their customers. In the same email, Nest said, “For added password security, the team looks across the internet to identify breaches and when compromised accounts are found, we alert you and temporarily disable access. We also prevent the use of passwords that appear on known compromised lists.”
The operative word is “known.” According to statistics, there were 668 known security breaches in 2018 and 1,579 breaches in 2017. It raises the question: How many breaches took place that weren’t discovered? The majority of data breaches are for-profit. After the breach, the hackers will sell the data to anyone interested in purchasing the information. If the breach contained no useful data, then it might never be detected.
The good news is that steps can be taken to prevent incidents like this from happening. Nest recommends enabling two-factor authentication to ensure no one can log in without a special code that will be sent each and every time you try to log in. Experts also recommend that anyone affected by the breaches make sure the hacker hasn’t added themselves to the Home Share plan, which will grant them access to your Nest account without a camera.
Even if you haven’t been affected by these incidents, it’s a good idea to enable two-factor authentication and take added steps to protect yourself. Even the more amusing incidents — like one hacker asking a homeowner’s Alexa to play Despacito — would be terrifying in the moment.
