Do you own a Nest device? It might be time for a security checkup.
In the wake of several news stories that detailed incidents of Nest cameras being hijacked and used to broadcast menacing messages to homeowners, Google-owned Nest today emailed customers “to assure you that Nest security has not been breached or compromised.”
The email notes, however, that Nest products can be hacked if a customer’s email address and password is made public through a breach. Perhaps you use the same login credentials on your Nest account and an account from a company that was hacked. “From there, people with access to your credentials can cause the kind of issues we’ve seen recently,” Nest VP Rishi Chandra writes in the email.
Last month, a Nest camera owner in Chicago detailed one such incident to CBS’s local news affiliate. “As I approached the baby’s room and stood outside, I was shocked to hear a deep, manly voice talking to my 7-month-old son,” Arjun Sud told the media outlet. “My blood ran cold.”
The hacker also turned Sud’s Nest thermostat to 90 degrees, which Sud feared could have overheated and killed his son.
Google blamed reused passwords, but that didn’t satisfy Sud. “Companies such as Nest must know we are going to collectively band together and hold them accountable for the lack of basic features in their ‘security’ system,” he later posted on his Facebook page.
Part of the problem is how anyone can log into a Nest account by simply visiting the company’s online portal or installing the Nest app. If your account has an easily guessed password, a hacker can potentially break in.
However, Wednesday’s email from Nest said the company does try to protect customers from hacks in a number of way. “For added password security, the team looks across the internet to identify breaches and when compromised accounts are found, we alert you and temporarily disable access. We also prevent the use of passwords that appear on known compromised lists,” it said.
Nevertheless, the email urges Nest product owners to stay on guard. Customers should not only use unique passwords, but also activate the”2-step” based authentication with their accounts, the company said. This security setup can thwart hackers from accessing the account in the event the login credential ever falls into the wrong hands.
With 2-step verification, a hacker will need both the password and a special code that’s generated on the Nest owner’s smartphone. (Customers can learn how to activate 2-step verification here.)
The email goes on to suggest other tips as well, like being vigilant around online phishing scams that attempt to trick you into handing over your password.
Why Nest doesn’t automatically force owners to use 2-step verification or more complex passwords isn’t clear. Google would only say the company is looking at several different security features to better protect Nest customers’ accounts. But the whole episode is a reminder to be careful around introducing new technologies to your home.