3 min read

Spooked by a speaking security camera? Polite hacker tells owner how to fix his IoT security

Graham CLULEY

December 20, 2018

Spooked by a speaking security camera? Polite hacker tells owner how to fix his IoT security

If it was late at night and you were out in your back yard, and you heard an unknown voice coming from inside your house – how would you feel?

My guess is that you would feel pretty spooked, especially if you knew there was no-one in your house.

Well, just a few weeks ago that’s what happened to Phoenix real estate agent Andy Gregg. And his initial petrified thought was that he had an intruder in his home.

Well, the truth was that he did have a type of intruder – but not one who had physically entered his home. You see the person who had broken their way into Gregg’s home was a Canadian hacker – whose voice was being broadcast through a Nest security camera.

Gregg had the quick wits to record what happened next on his smartphone, and described his experience to the Arizona Republic.

The “white hat” hacker, who claimed to be part of a group calling itself the “Anonymous Calgary Mindhive”, said it hadn’t been hard for him to hijack control of Gregg’s Nest security camera.

But, claimed the unnamed hacker’s disembodied voice, his intention wasn’t to spy, steal, or instil fear:

“We don”t have any malicious intent, but I”m just here to kind of let you know so that no one else, like any black-hat hackers, follow. There are so many malicious things somebody could do with this.”

Gregg had made the mistake of using the same password to “secure” his IoT camera as he had used in online accounts. Like so many others, Gregg hadn’t recognised the danger of reusing login credentials and when a breach occurred at an online site, his login and password were leaked into the public domain.

And whereas many maliciously-minded hackers might have used the details to break into Gregg’s email account, seize control of his Facebook profile, or order goods on Amazon, this particular intruder used the details to log into Gregg’s camera instead.

Gregg’s camera would most likely not have been compromised if he had taken the sensible step of using a unique, hard-to-crack password or had enabled two-step verification (2SV) on his Nest app.

For years security experts have advocated that users should enable 2SV or two-factor authentication on their online accounts, and that advice is just as wise for IoT devices.

With an additional level of authentication in place, it should be much harder for hackers to gain access to your internet-enabled devices – even if they have managed to gain access to your password.

Gregg told the Arizona Republic that he has taken the polite Canadian hacker’s advice to heart, changed his passwords, and unplugged the camera.

But, as a real estate agent, Gregg has given IoT cameras to his clients as gifts in the past. He wonders how many of them may have set them up as insecurely as he did:

“I have a ton of clients in real estate that use these things to watch their kids. They’ll watch their living rooms, they’ll keep them all over the house for their protection. But these hackers can go in there, and if they can watch your kids while they’re sleeping or changing, just think of what they can do with that.”

Smart devices and IoT gadgets appeal to the geek in all of us, and can make our lives run more smoothly – but we all need to be careful to follow best practices to ensure that they don’t bring unwelcome visitors into our homes.

tags


Author



Right now

Top posts

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

The Perils of Online Dating: Spotting Romance Scammers Before They Break Your Heart and Your Bank Account The Perils of Online Dating: Spotting Romance Scammers Before They Break Your Heart and Your Bank Account
Alina BÎZGĂ

August 05, 2021

3 min read
Google Fixes Five High-Severity Flaws in Chrome 92 for Windows, Mac and Linux Google Fixes Five High-Severity Flaws in Chrome 92 for Windows, Mac and Linux
Filip TRUȚĂ

August 05, 2021

1 min read
Google Drops All Support for Android 2.3.7 and Older Google Drops All Support for Android 2.3.7 and Older
Silviu STAHIE

August 04, 2021

1 min read