2 min read

8-year-old 'scared to death' after hacked Nest security camera warns of missile attack

Graham CLULEY

January 23, 2019

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
8-year-old 'scared to death' after hacked Nest security camera warns of missile attack

A California family has described the ‘sheer terror’ it experienced after its smart security camera began broadcasting a bogus warning that three North Korean missiles were heading to Chicago, Los Angeles, and Ohio.

Laura Lyons, a resident of Orinda, California, told the Mercury News of the scare her family had on Sunday when an internet-connected Nest security camera, sitting on top of a television, broadcast a terrifying warning of intercontinental ballistic missiles launched by Pyongyang.

“It warned that the United States had retaliated against Pyongyang and that people in the affected areas had three hours to evacuate,” Lyons said Monday. “It sounded completely legit, and it was loud and got our attention right off the bat… It was five minutes of sheer terror and another 30 minutes trying to figure out what was going on.”

Lyons’ eight-year-old son was so scared he crawled beneath the family’s rug.

Chances are the cold-hearted hackers were watching the entire panic through the family’s hacked Nest camera.

Before the incident, Laura Lyons and her family had not even been aware that the security camera contained speakers, let alone that the device was at risk of being hacked.

It took some time, and phone calls to Nest and the emergency services, to confirm that the missile strike warning had been a hoax and were likely to have been perpetrated by a hacker who had been able to access the device by using passwords exposed in a separate hack.

In other words, in all likelihood the Nest company – owned by Google – had not been hacked itself but rather the security camera in the Lyons’ home was vulnerable to being hacked because the family had made the mistake of using the same passwords that they had already used elsewhere on the internet.

Such password reuse is sadly one of the most common mistakes people make online. You should always use a unique password for each of your accounts and if you cannot remember it (which is almost certainly the case if you have chosen a unique, hard-to-crack password) then investing a decent password manager is a sensible decision.

The family’s concern turned to anger, however, when Nest admitted that a number of Nest camera owners had had a similar experience in recent weeks – although none which had warned of an imminent missile strike.

Readers may well recall one case we described last month, where a Canadian hacker commandeering control of a Nest camera told its Phoenix-based owner how to better secure it.

The Lyons family would most not likely have not had such a scare if they had taken the sensible step of using a unique, hard-to-crack password and enabled two-step verification (2SV) on their Nest app.

In a statement Nest said it was introducing features to harden the security of its IoT cameras:

“We take security in the home extremely seriously, and we’re actively introducing features that will reject compromised passwords, allow customers to monitor access to their accounts and track external entities that abuse credentials.”

tags


Author



Right now

Top posts

How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Android App in Google Play Store Was Harvesting SMS Messages Helping Criminals Create New Accounts Android App in Google Play Store Was Harvesting SMS Messages Helping Criminals Create New Accounts
Silviu STAHIE

December 02, 2022

1 min read
Some Phone Manufacturers Didn't Implement Vital Security Patch for ARM Mali GPU, Google Researchers Find Some Phone Manufacturers Didn't Implement Vital Security Patch for ARM Mali GPU, Google Researchers Find
Silviu STAHIE

November 29, 2022

1 min read
Apple Users Report Seeing Other People's Photos When Using iCloud for Windows Apple Users Report Seeing Other People's Photos When Using iCloud for Windows
Silviu STAHIE

November 25, 2022

1 min read