Web-connected cameras can be great security and monitoring tools that can keep your home safe. They can give you with a bit of peace of mind, knowing that you can watch your home wherever you are.
But what if a hacker takes over your webcams as if they’re his own? What if a someone uses all your smart home’s smarts against you?
This is exactly what happened to this Illinois family recently. Read on and see how the terrifying ordeal unfolded and what you can do to prevent it from happening to you and your family.
‘My blood ran cold’
A “smart home aficionado” from Illinois recently told CBS Chicago that they haven’t had a good night’s sleep in 10 days after a hacker broke into his Nest account and remote controlled his home security cameras and thermostats.
Arjun Sud, a homeowner from Lake Barrington, said that shortly after he and his wife put their 7-month old baby to bed, they heard a peculiar noise coming from the nursery. As Sud approached the room, he realized that it was a male voice coming from the nursery’s Nest cam, one of the 16 he owns.
“I was shocked to hear a deep, manly voice talking,” Sud told CBS. “… My blood ran cold.”
But the couple also noticed that their Nest home thermostat was raised to a dangerous 90 degrees Fahrenheit. Terrified, they then took their sweating baby downstairs but the horror didn’t stop — the hacker started taunting and cursing them from his downstairs camera.
“Asking me, you know, why I’m looking at him because he saw obviously that I was looking back and continuing to taunt me,” Sud told CBS.
Once Sud got past his initial shock, he managed to record a portion of the conversation. The couple then disconnected their Nest cameras, called the police and Nest itself.
Nest replied that he should have been using a unique password and two-factor authentication. His main gripe, however, is that Nest can’t tell him how long the hack has been going on.
“We don’t know how long someone was in our Nest account watching us,” Sud said. “We don’t know how many private conversations they overheard.”
He said he is extremely disturbed that with all the Nest cameras installed all over his home, aside from a blue light that turns on when someone is talking, there’s no other indication that a stranger could be watching.
“Until they actually communicate with you, they could be in here, watching as we are doing right now, and there is no difference. You can’t tell,” Sud explains.
Not the first time
The Suds’ ordeal follows another terrifying incident that involved a compromised Nest camera. Just last week, a hacker broke into a California family’s Nest account and sent voice warnings about an impending nuclear strike from North Korea.
In both cases, the Nest accounts were compromised using stolen passwords from the victims’ other online accounts. It turns out that both families were using recycled passwords that were also being used on other sites.
This jacking technique is commonly referred to as “credential stuffing.” This is when someone feeds the credentials to an automated program that tries them all out on various websites, hoping that people have reused their passwords on multiple services. And with all the massive data breaches that are happening on a regular basis, stolen credentials are now being freely distributed online.
This is a good reminder of why you should always use unique passwords for all your accounts and never ever reuse the same password for multiple online services and websites. And while you’re at it, don’t use weak passwords that can be easily cracked. Here are new ways to come up with a secure password.
Always use 2FA for your Nest account
For even better security, use two-factor authentication (2FA) whenever available. 2FA gives you an extra layer of security that will help keep your accounts safe.
With the 2FA setting enabled, instead of just providing just your username or password to log in to an account, a secondary form of verification is required to prove your identity. The idea is that even though hackers may have figured out your credentials, without the special code, they still won’t be able to access your account.
To protect your Nest account and prevent these simple hacks from happening, it is a must that you enable its 2FA option. Here’s how you do it:
- Make sure all the phones and tablets used to access your account have the latest version of the Nest app.
- On the Nest app home screen, tap Settings.
- Select Account, then Manage account.
- Tap Account security.
- Select 2-step verification. Then tap the switch to toggle 2-step verification On.
- Follow the prompts to enter your password, phone number, and unique verification code sent to your phone.