Buying a Nest camera is something most of us do to make our homes more secure. With a Nest camera you can monitor your property inside and out any time of day with a network connection. But there are also downsides to such technology. The ability of network connected cameras to be hacked is one of them. And leaked passwords and credentials for logging into those cameras is another.
Andy Gregg had this exact thing happen with his Nest camera. Gregg came home to hear his camera talking back to him. On the other end was a white hat hacker. The hacker claims he was a member of the hacking group Anonymous and meant no harm to Gregg but only wanted to warn him that his password had been leaked.
“Hey, please, please don’t be scared or frightened,” Gregg recorded the camera saying. “I’m a researcher from Canada … I’m here to, like, help you … Your password’s been leaked.”
The hacker went on to say he didn’t have any “malicious intent,” but merely wanted to inform Gregg of his vulnerability.
“Damn, man! OK. Alright. Well then, yeah, I appreciate it. Are you able to see where I live and everything?” Gregg asked.
“Yeah. I mean, I don’t know where you live right now but if someone was really that dedicated … they could see when you’re not home … there’s so many malicious things someone could do with this,” the stranger answered.NBC 4
It’s important to note that this issue had less to do with the actual Nest camera as it did with a leaked password. This same scenario could have unfolded with any network camera if the password had been leaked. For their part, Nest has reset passwords on some accounts and issued the following statement:
“Nest has reset all the accounts where customers reused passwords that were previously exposed through breaches on other websites and published publicly. Even though Nest was not breached, these customers were vulnerable because their credentials were freely available on the internet.
“Each customer has received instructions on how to establish new credentials. For added password security, we’re preventing customers from using passwords which appear on known compromised lists. As before, we encourage all customers to use two-factor verification for added account security, even if your password is compromised.”
We can’t remind you enough how important strong passwords and two-factor authentication are. Thankfully, Andy Gregg encountered a white hat hacker and not a black hat.Source: NBC 4