There have been a number of fairly alarming reports from Nest users about cameras being taken over by “hackers” who use unsuspecting owners’ Nest cameras to broadcast potentially terrifying messages of nuclear bomb threats from North Korea (or worse, to ask Alexa speakers to play Justin Bieber). The more tech-savvy among us may recognise that this isn’t a security failure on Nest’s part, but rather tricksters finding that they’re able to log in to strangers’ Nest accounts with usernames and passwords that have been gathered and distributed around the internet.
It turns out these stories have gained enough traction for Nest to address the issue: Nest VP Rishi Chandra sent an email to users today to reiterate that the company’s devices have not been hacked and that there are some simple steps they can take to increase security. Foremost among those is turning on two-step verification and, of course, using a strong and unique password for your Nest account.
The email clearly walks users through how their cameras could be compromised without it being Nest’s fault:
“For context, even though Nest was not breached, customers may be vulnerable because their email addresses and passwords are freely available on the internet. If a website is compromised, it’s possible for someone to gain access to user email addresses and passwords, and from there, gain access to any accounts that use the same login credentials. For example, if you use your Nest password for a shopping site account and the site is breached, your login information could end up in the wrong hands. From there, people with access to your credentials can cause the kind of issues we’ve seen recently.”
His message also suggests setting up family accounts, rather than sharing an email and password among the multiple family members who might need access to Nest. He also says users should keep their routers secure and up to date, and keep their eyes peeled for phishing email schemes.
These are all reasonable tips, and ones all users should take heed of, but the fact that it was necessary for Nest to send this email in the first place suggests the company let this story get away from it to some extent. Still, there isn’t much the company can do about its customers re-using insecure passwords other than insisting on two-factor authentication. Chandra also said in his email that Nest proactively alerts customers when their credentials are found in data breaches and temporarily disables access to accounts.
Step 1: Log in to your Nest account, select Account security, then click to toggle “2 step verification” On.
Step 2: You will be asked to verify your account password and enter your phone/cell number.
Step 3: You will now receive a one-time use verification code on your mobile device. Enter it in the spaces provided and click continue.
Step 4: You’re all set! Just check that the toggle is set to “On” and that your phone number appears in the space on screen.
Taking these simple steps to secure your Nest account, or any home security system that allows two-step (two-factor) authentication, will ensure that you are in total control of your account.
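
Chandra's email says Nest alerts customers when their credentials are found in data breaches and temporarily disables access, but the article does not describe how. The following is an added example (not Nest's code) of one common approach: screening a password against a breach corpus by SHA-1 prefix range, so the lookup service only ever sees five characters of the hash. The corpus, passwords, account addresses and function names are constructed for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed breach corpus (password, times seen). It stands in for a real
# breached-password dataset; none of these values come from the article.
CONSTRUCTED_BREACH_DUMP = [("hunter2", 17043), ("letmein", 98211), ("nestcam2019", 12)]


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(dump):
    """Index breached hashes as 5-char prefix -> {35-char suffix: count}."""
    index = defaultdict(dict)
    for password, count in dump:
        digest = sha1_hex(password)
        index[digest[:5]][digest[5:]] = count
    return index


def query_range(index, prefix: str) -> dict:
    """What a range lookup returns: every known suffix under one prefix.
    The lookup side sees 5 hex characters, never the password or full hash."""
    if len(prefix) != 5:
        raise ValueError("prefix must be exactly 5 hex characters")
    return dict(index.get(prefix.upper(), {}))


def breach_count(index, password: str) -> int:
    """Caller side: send only the prefix, then match the suffix locally."""
    digest = sha1_hex(password)
    return query_range(index, digest[:5]).get(digest[5:], 0)


def screen_login(index, password: str, two_step_enabled: bool) -> str:
    """Policy applied after the password itself has verified correctly."""
    if breach_count(index, password) == 0:
        return "allow"
    # The password is circulating in breach data. With two-step verification
    # it is not enough on its own; without it, lock the account until reset.
    return "allow_and_prompt_reset" if two_step_enabled else "disable_until_reset"


if __name__ == "__main__":
    idx = build_range_index(CONSTRUCTED_BREACH_DUMP)
    for acct, pw, tsv in [("a@example.com", "hunter2", False),
                          ("b@example.com", "hunter2", True),
                          ("c@example.com", "Xk9#unique-per-site", False)]:
        print(acct, screen_login(idx, pw, tsv))
```

The policy branch mirrors the two outcomes the email describes: an account protected only by a re-used, breached password is disabled until reset, while one with two-step verification stays usable and is prompted to change the password.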