Hacker Speaks Through Nest Camera, Gives Victim Security Tips
A “white hat hacker” from Canada told an Arizona man he just wanted to alert him to the potential of what someone with malicious intent could do.
PHOENIX — This had to be hair-raising. Andy Gregg, an Arizona real estate agent was toiling in his backyard recently one night when from inside his home he heard a stranger’s voice … addressing him directly.
Concerned that some ne’er-do-well had broken into his home, Gregg went inside only to discover the voice was emanating from his Nest IQ Cam security camera that was placed near a window at the front of his home.
The voice, belonging to someone who claimed to be a “white hat hacker” from Canada, explained that Gregg’s personal information had likely been compromised in a previous data breach, according to a report in the Arizona Republic. White hat is Internet jargon that refers to an ethical computer hacker who exposes security vulnerabilities for the greater good, rather than their own benefit.
The hacker went on to recite a number of passwords Gregg had used for logging into multiple websites. While the hacker had no access to the camera’s video feed, nor Gregg’s location, he explained that loopholes could have been penetrated by hackers with bad intentions for malicious purposes — like finding out where he lives and waiting till nobody’s home to potentially rob him.
The hacker also provided some security tips to Gregg, such as enabling two-factor authentication for his Nest account.
The hacker’s call in early November was filmed by Gregg, who shared the video with a local media source to try to raise awareness about the risks of insecure Internet-connected smart home devices. In the video, the hacker’s voice can be heard over the speaker telling Gregg that he was contacting him in the creepiest way possible to warn him.
In a statement to the Arizona Republic, Nest parent company Google said that it is aware that passwords exposed in other breaches may be used to access its cameras. The company noted the cameras can’t be controlled wirelessly without a username and password created by the device owner. Nest devices do not come with default logins that can easily be manipulated to hijack the cameras.
In the video below you can hear the hacker apologizing to Gregg if he was creeped out.
Security Is Our Business, Too
For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add sales to your bottom line.
A free subscription to the #1 resource for the residential and commercial security industry will prove to be invaluable. Subscribe today!