A California family said they got the scare of a lifetime this past weekend when their smart security cameras began falsely warning of three North Korean intercontinental ballistic missiles headed to Los Angeles, Chicago, and Ohio. Thankfully, the missile warning was a hoax. Less comforting was the fact that the family’s Nest security cameras had been hacked.
According to a Mercury News report, Laura Lyons and her family were minding their own business on Sunday when they heard a loud noise like an Amber Alert from their living room in Orinda, California. It took a moment for Lyons and her husband to figure out that the alert was coming from their Nest camera, while their eight-year-old son crawled underneath a rug in terror.
“It warned that the United States had retaliated against Pyongyang and that people in the affected areas had three hours to evacuate,” Lyons told the Mercury News. “It sounded completely legit, and it was loud and got our attention right off the bat...It was five minutes of sheer terror and another 30 minutes of trying to figure out what was going on.”
The Lyons family then made several panicked phone calls to 911 and Nest, and scanned news channels to find that no such attack occurred. While on the phone with Nest, Lyons said she was angered to discover they were the likely victims of a third-party hack and said the company had failed to contact them about a data breach.
Later, a Nest spokesperson said its service was in fact not breached, and that reports such as this one are instead “based on customers using compromised passwords (exposed through breaches on other websites). In nearly all cases, two-factor verification eliminates this type of the security risk.” They added, “We take security in the home extremely seriously, and we’re actively introducing features that will reject comprised passwords, allow customers to monitor access to their accounts and track external entities that abuse credentials.”
This is far from the first time we’ve heard about hacked Nest devices. In December, a Houston family was terrified to hear the voice of a hacker via their Nest camera threatening to kidnap their baby. Meanwhile, an Arizona man in November claimed a benevolent hacker notified him through his Nest Cam IQ that his private information had been compromised. One thing these stories have in common is Nest’s customer service recommendation to affected users: Change your passwords and enable two-factor authentication.
The incidents form a compelling argument for better smart home security practices, such as changing logins from factory defaults, but they also sow distrust in smart devices as a whole, which broadly seem all too easily exploitable by good and bad actors alike.
Updated at 4:26 pm on 1/23/2019 with a comment from Nest