Latest in Gear

Image credit:

Nest reminds owners to secure their cameras after creepy scares

Two-factor authentication is a thing, people... use it.
Nathan Ingraham
February 6, 2019
Share
Tweet
Share

Sponsored Links

Engadget

In recent weeks, there's been a number of fairly alarming reports coming from Nest users about cameras being taken over by "hackers" who use their access to broadcast potentially terrifying messages (or even asking Alexa speakers to play Justin Bieber). The more tech-savvy among us may recognize that this isn't a security failure on Nest's part, but rather tricksters finding that they're able to log in to strangers' Nest accounts with usernames and passwords that have been gathered and distributed around the internet.

It turns out these stories have gained enough traction for Nest to address the issue: Nest VP Rishi Chandra sent an email to users today to reiterate that the company's devices have not been hacked and that there are some simple tips they can take to increase security. Foremost among those is turning on two-step verification and, of course, using a strong and unique password for your Nest account.

Chandra also clearly walks users through how their cameras could be compromised without it being Nest's fault:

For context, even though Nest was not breached, customers may be vulnerable because their email addresses and passwords are freely available on the internet. If a website is compromised, it's possible for someone to gain access to user email addresses and passwords, and from there, gain access to any accounts that use the same login credentials. For example, if you use your Nest password for a shopping site account and the site is breached, your login information could end up in the wrong hands. From there, people with access to your credentials can cause the kind of issues we've seen recently.

His message also suggests setting up family accounts, rather than sharing an email and password with multiple members of the family who might need access to Nest. Similarly, he also says users should keep their routers secure and up-to-date and to keep eyes peeled for phishing email schemes.

These are all reasonable tips, and one all users should take heed of, but the fact that it was necessary for Nest to send this email in the first place suggests the company let this story get away from it to some extent. Still, there isn't much the company can do about its customers re-using insecure passwords. Indeed, Chandra said in his email that Nest proactively alerts customers. when their credentials are found in data breaches and temporarily disables access to accounts.

In this article: gear, google, nest, nestcam, security
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Image bricks some Android phones when used as wallpaper

Image bricks some Android phones when used as wallpaper

View
The first Atari VCS units should be ready by mid-June

The first Atari VCS units should be ready by mid-June

View
Amazon sellers use 'collectible' label to dodge price gouging rules

Amazon sellers use 'collectible' label to dodge price gouging rules

View
NBCUniversal’s Peacock launches today: Here’s what you need to know

NBCUniversal’s Peacock launches today: Here’s what you need to know

View
Samsung's next Galaxy Watch gets spoiled by the FCC

Samsung's next Galaxy Watch gets spoiled by the FCC

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr