Springfield

My Nest camera system was hacked last night


Morning all,

 

Last night my Nest IP camera system was hacked.  I have several IoT devices in my house.  Two Nest cameras (one in each of my kids' rooms), two Arlo cameras (outside cameras), an Ecobee thermostat, several Sonos speakers, a couple Amazon Dots.  The convenience of these connected devices is great.  This story will be a good reminder to keep your stuff secure.

 

Last night, I was getting my two kids ready for bed.  I was in the youngest child’s (2) room getting ready to change his diaper while my oldest (4) was getting into his pajamas in his own room.  My oldest child walks into the room and asks for help buttoning up his shirt.  From the camera in the room I hear, “Button up his shirt ****.”  Taken slightly by surprise, my mind goes into action.  I’ve heard of IP cameras being hacked before but never thought it would happen to me.  “Go downstairs to your mom.” I tell my two kids.  I walk over to the camera and put my finger over the lens so it can’t see me.  “I can’t see you ****” I hear from the camera.

 

From my oldest child’s room, next door over, I then hear the same voice from that camera.  I take the camera that I was holding a finger over and point it down towards the wall.  I get out of the room and log into my Nest account.  I immediately change the password, the login email and enable two factor authentication.  I heard nothing from the cameras after that.

 

Spooked, but more rather angry that this happened to me, I spent the next couple of hours securing all of my stuff.  My first concern is how EXACTLY this person gained access to my Nest cameras.  I googled but mostly returned sensationalist stories of this same instance happening to other people.  A Reddit thread directed me to the website www.haveibeenpwned.com where I plugged in the email associated with my Nest account login.  That email had been hacked, multiple times over.  It was an old outdated email from when I had Cox internet years ago.  My hunch is that this person had a dump of emails and passwords and was able to gain access through simple brute force.

 

I contacted Nest and chatted with support staff.  They’ll be elevating my case to senior support and I should hear back from them in 3-5 days.  My hope is that they can confirm that someone used my old email and password to access my account that way.

 

I changed my WiFi password to something MUCH longer, changed the login and password to any account that used that old email.  I’ll probably go through and change any logins for important stuff today, banks, credit cards, etc.  Huge pain in the ass.

 

Ultimately, I want this to be a warning to anyone who may be using connected cameras or other devices that can be used for listening.  Make sure your stuff is secure.  Use two factor authentication if possible.  I don’t believe that this is someone who hacked into my system locally through WiFi, I think this is someone (he sounded like a punk Asian kid/young adult) from anywhere across the globe.

 

That's all.

  • Thanks 2
  • Sad 2


We have some connected home devices (Echo, Nest thermostat, etc), but this is exactly why we opted for a closed circuit baby monitor.  It's marginally less convenient, but we had heard stories exactly like this and, no thanks. 

 

This also raises the issue of how our country has gotten to the point where hacks of people's private information are viewed basically without alarm, and the companies who allow this information to be vulnerable face very little in the way of repercussion. 

  • Like 1
  • Thanks 1

7 minutes ago, PleaseBlitz said:

This also raises the issue of how our country has gotten to the point where hacks of people's private information are viewed basically without alarm, and the companies who allow this information to be vulnerable face very little in the way of repercussion. 

Indeed.  Facebook is only starting to suffer consequences because their lack of giving two ****s about protecting your private information got in the way of politics.

Edited by PokerPacker
  • Like 1

17 minutes ago, PleaseBlitz said:

 

This also raises the issue of how our country has gotten to the point where hacks of people's private information are viewed basically without alarm, and the companies who allow this information to be vulnerable face very little in the way of repercussion. 

 

In your legal opinion, should the host company (Nest in this case, owned by Amazon?) be held liable?  Or rather should a law be made to offer bigger punishment to them or require a certain line of security?

 

I think our Congress, on both sides of the aisle, are woefully inept in this regard.

  • Like 1

49 minutes ago, PokerPacker said:

This is exactly why I am not on board with all the smart-home stuff.  I'll take a dumb-home, thank you.

 

Yep, not into it.  Don't think I ever will be.  

 

**** Alexa, I can start a playlist myself.

Just now, Spaceman Spiff said:

 

Yep, not into it.  Don't think I ever will be.  

 

**** Alexa, I can start a playlist myself.

My question with Alexa is, why can't a device like that be stand-alone?  Why must it phone home?

Just now, PokerPacker said:

My question with Alexa is, why can't a device like that be stand-alone?  Why must it phone home?

 

Cause they probably want to keep track of how people use it, what commands they give it, etc.

3 minutes ago, Springfield said:

 

In your legal opinion, should the host company (Nest in this case, owned by Amazon?) be held liable?  Or rather should a law be made to offer bigger punishment to them or require a certain line of security?

 

I think our Congress, on both sides of the aisle, are woefully inept in this regard.

 

I don't give legal opinions on the internet.  Or for free. :)

 

In my personal opinion as someone familiar with the law, to your first question, I think if a company is negligent in keeping people's information private, then yes, absolutely they should be held liable.  And they are to an extent, there is almost always a class-action suit against the company.  The problem with class actions is that the lawyers make a ton of money, the people who suffered the consequences tend to get comically little in the way of reparations.  

 

I think your second question is more important.  And there I think that there should be a much higher standard of care for companies that are holding vast amounts of consumer data and not keeping it secure.  Again, it's a question of what steps the company took.  If the company took all appropriate steps given their level of sophistication but got hacked anyways, then they shouldn't get raked over the coals.  If a company is, I dunno, Facebook, and their entire business model is mining personal information and they are a $500 billion tech company, then they should be required to go to the ends of the earth to keep that **** secure (as opposed to what they actually do, which is evidently nothing). 

 

  • Like 3
  • Thanks 1


Hacking into a Ring camera probably means they hacked into your Ring account (as opposed to your local WiFi) because you don’t have to set up port forwarding to use Ring, so it sends all of the data to the cloud, then back to you.  

 


@Springfield I think I probably speak for all of us when I say that I hope that nothing bad happens to you and yours, that it was just some dumb kids playing a prank and nothing sinister.  

  • Like 4

3 minutes ago, Spaceman Spiff said:

@Springfield I think I probably speak for all of us when I say that I hope that nothing bad happens to you and yours, that it was just some dumb kids playing a prank and nothing sinister.  

 

That's my assumption as well.  By the sound of this guy, I could whoop his candy ass.  I’m not worried.

 

Thank you though.

Edited by Springfield
  • Like 2
  • Thanks 1

3 minutes ago, Springfield said:

 

That's my assumption as well.  By the sound of this guy, I could whoop his candy ass.  I’m not worried.

 

Thank you though.

 

 
