A terrified family in Orinda, California received a false warning via their Nest Camera that North Korea had launch missiles at the United States. The nerve-wracking hoax drove the family to leave their house and later call Nest to talk about the incident.
According to hoax victim Laura Lyons, people she talked to at Nest, including supervisors, admitted that there had been similar reports recently, and the company had not warned customers. Essentially, there was nothing the company could do, save for advising users to secure their accounts. Nest has long been one of the largest names in home automation, with tons of popular products. This has been especially true since it was bought up by Google, though that’s not to say that the company hasn’t had its fair share of hard times.
This makes it all the more jarring that reports of Nest systems and others like them being hacked in some way are quite as common as they seem to be. While Nest is far from the only company in the field to give consumers pause, this hack in particular points to a serious vulnerability that carries the potential for disastrous consequences. Unfortunately, it could technically happen to almost any company that uses third-party resources or labor.
Hackers, in this case, seem to have gotten a hold of a number of users’ login information used to control their Nest systems via outside means. While Nest itself was not breached, its users’ personal information wound up being obtained by hackers through third-party sites that suffered data breaches, most likely sites that handle authentication, cloud services, or other critical services for Nest.
What makes this hack even more alarming is the hacker’s boldness and their rather scary choice of action. We’ve seen malicious hackers do things like scare babies with home automation systems before, but this one chose to mimic a national threat in order to make their presence known to their victim.
The kind of total control required for such a feat could afford any enterprising hacker much wider access, and alerting a user means that the account will likely soon be locked and re-secured. This means that the hacker in question, who is assumed to still be at large, is confident enough in their ability to avoid detection, and twisted enough, to possibly cause a mass panic. It’s not hard to think that there may be others like them out there.
Google has yet to issue any large-scale official communication on this particular incident, though the company did come forward to confirm that Nest’s servers were secure and that the data breaches that led to customers’ information falling into the wrong hands were indeed on third-party servers. Nest, now folded into Google’s hardware outfit, has also not spoken up as of this writing. Exactly what third-party site or service the breach originated from is still not known. More importantly, what Google and Nest plan to do to prevent this sort of incident going forward is also not yet known.