There is no starker reminder of how important it is to use a unique password for each and every online account than hearing someone’s voice invading your home through your home security system…and learning they got there by reusing one of your passwords. Yes, that is scary, and it is a massive invasion of privacy that gives you chills just thinking about it. Knowing that the voice is coming through your Nest camera, and that its owner is watching you too, is just super creepy. A hacker did exactly this by taking advantage of reused passwords on people’s Nest cameras.
The hacker, who claims to be trying to gain street cred to become a “white hat” hacker (or good hacker), calls himself SydeFX. He told Motherboard that he used credential stuffing to gain access to somewhere close to 300 Nest cameras and asked the victims to subscribe to the YouTuber PewDiePie’s channel. He even waited to watch them subscribe.
Credential stuffing is a type of cyberattack where criminals use usernames and passwords from past data breaches to gain access to online accounts. People who use the same credentials for multiple accounts are very susceptible to this attack. At the bottom of this article, we detail a simple method to create a unique password for every account that is simple to remember.
This is similar to, though it feels far more invasive than, the stunt pulled by the hacker HackerGiraffe, who printed requests to subscribe to the same channel on exposed printers.
Definitely, this is a great time to ensure you are using unique passwords for all of your online accounts. Even if you think they’re silly and don’t really have any important information, they still deserve a unique password. Credential stuffing is an automated way to try many usernames and passwords in a short period of time with the expectation that at least some will result in success. Sadly, they often do. SydeFX claims to have 4,000 unique Nest user account login combinations.
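For anyone who runs a login service, the pattern described above (many usernames tried from one place in a short period, with only a few succeeding) shows up in authentication logs. The following Python is an added example, not part of the original article and not Nest's code; the log format, the thresholds and the function name are assumptions chosen for illustration. It flags source addresses that behave this way and lists the accounts whose logins succeeded, which are the ones that need a forced password reset.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not real data): timestamp, source IP, username, result.
SAMPLE_LOG = """\
2019-01-20T10:00:01 203.0.113.7 alice@example.com FAIL
2019-01-20T10:00:02 198.51.100.20 grace@example.com FAIL
2019-01-20T10:00:03 203.0.113.7 bob@example.com FAIL
2019-01-20T10:00:05 203.0.113.7 carol@example.com OK
2019-01-20T10:00:06 192.0.2.44 heidi@example.com OK
2019-01-20T10:00:07 203.0.113.7 dave@example.com FAIL
2019-01-20T10:00:09 203.0.113.7 erin@example.com FAIL
2019-01-20T10:00:11 203.0.113.7 frank@example.com FAIL
2019-01-20T10:00:20 198.51.100.20 grace@example.com OK
2019-01-20T10:00:30 192.0.2.44 ivan@example.com OK
"""

WINDOW = timedelta(minutes=5)   # assumed look-back period per source IP
MIN_USERS = 5                   # assumed: distinct usernames that look automated
MAX_SUCCESS_RATIO = 0.3         # assumed: stuffing mostly fails, real users mostly succeed

def detect_stuffing(log_text):
    """Return {source_ip: [accounts that logged in OK]} for suspicious sources."""
    recent = defaultdict(deque)   # ip -> attempts still inside the window
    flagged = defaultdict(set)    # ip -> accounts opened during flagged windows
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_raw, ip, user, result = line.split()
        ts = datetime.fromisoformat(ts_raw)
        window = recent[ip]
        window.append((ts, user.lower(), result == "OK"))
        while ts - window[0][0] > WINDOW:      # drop attempts older than the window
            window.popleft()
        users = {u for _, u, _ in window}
        ok_count = sum(ok for _, _, ok in window)
        # Many different accounts from one source, almost all failing.
        if len(users) >= MIN_USERS and ok_count / len(window) <= MAX_SUCCESS_RATIO:
            flagged[ip].update(u for _, u, ok in window if ok)
    return {ip: sorted(accounts) for ip, accounts in flagged.items()}

if __name__ == "__main__":
    print(detect_stuffing(SAMPLE_LOG))
```

A person who mistypes a password once, or a household sharing one address, stays below the thresholds; only the source cycling through many different accounts is reported.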
When changing passwords or creating new ones, use at least eight characters. Add in a few numbers and a special character such as the “@” or “#” symbol. Use upper and lowercase letters too. Don’t forget that using personally identifying information, such as your birthdate, is not advised. Use something that makes no sense for the safest passwords.
Also, consider shutting off your interior cameras when you are home. While they can be useful in case of a home invasion, they can also be used against you, as in a case like this one or by another, “less ethical” hacker. If you decide to leave them turned on, carefully consider their placement so that they don’t record anything you wouldn’t want someone else to see, such as your bathroom or computer screen.
As always, be sure to keep your apps updated and keep firmware updated on all of your hardware devices. The manufacturers release firmware updates from time to time. Don’t ignore these. If you never changed the default password on those, make sure to do that too, using the same strong password guidelines.
And as a final note, activate multi-factor authentication (MFA) on Nest. Nest was recently given that option, so just do it. It can prevent someone from getting access to your accounts using only your login name and password.
There was another incident involving the Nest in-home camera system recently too. This one will creep you out even more. Someone got into a family’s system and talked to the couple’s baby. Definitely think about where you place those security cameras if you choose to put them inside your home.