Skip to main content

Nest Cam nuclear missile ‘hack’ was actually just a case of bad password management

A California family recently had a major scare when their Nest Cam started yelling out a nuclear missile warning, warning the family that North Korea had launched ICBMs towards the United States. What was first assumed a terrifying hack, though, turns out to simply be a case of poor password management.

First reported on by local Bay Area news publication Mercury News, a family in Orinda, California were given a terrifying experience when their Nest Cam started warning them of an incoming nuclear missile attack on the United States. In hindsight, it seems pretty obvious that this was a hoax given the fact that the TV still played as usual, but it still resulted in “five minutes of sheer terror” with the family.

Once the cause was discovered, the family contacted Nest support and were told by a supervisor that this could be the result of a hack on the camera. As Google confirms to The Verge, though, the camera itself wasn’t hacked and Nest’s security wasn’t breached. Rather, this, and other similar reports in recent weeks, are simply due to bad password management.

Apparently, affected users were using compromised passwords that were in use on other websites. After those passwords were exposed through a breach on other sites, they remained in use on a Nest account. Using those credentials, attackers simply logged into the Nest account and did whatever they wanted.

These recent reports are based on customers using compromised passwords (exposed through breaches on other websites). In nearly all cases, two-factor verification eliminates this type of the security risk.

Google adds that simply using two-factor authentication could have solved this problem. Even if the compromised password remained in use, the attacker still would have run into a roadblock from the two-factor system. Plus, it’s pretty easy to turn that security feature on. The company also mentions that it’s looking into adding additional protection including rejecting compromised passwords.

More on Nest:


Check out 9to5Google on YouTube for more news:

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Ben Schoon Ben Schoon

Ben is a Senior Editor for 9to5Google.

Find him on Twitter @NexusBen. Send tips to schoon@9to5g.com or encrypted to benschoon@protonmail.com.