Despite Nest “cyber attacks”, Nest cameras are still safe to use

Don’t worry about recent Nest “hacking” reports, worry more about your online password hygiene

There have been a few different news stories about Nest cameras getting “hacked” and someone harassing the Nest camera owners.  Scary, right?  This is a perfect example of media sensationalizing the word “hacked” and spreading incorrect information.  These were not cyberattacks.  Here is a breakdown of what you need to know if you’re a Nest camera owner or are thinking of getting a Nest camera.

What happened?

In both stories of Nest cameras getting “hacked,” the cameras weren’t actually hacked. Rather, the credentials used for the Nest accounts were reused passwords – which made access to the Nest accounts and cameras easy to get into.  With data dumps, such as Collection#1, it is extremely easy for malicious attackers to find reused credentials linked to e-mail addresses and initiate credential stuffing cyberattacks.

Who is to blame?

All of these Nest “hacking” scenarios could have been prevented by doing two simple things:

  1. Don’t reuse passwords for any online accounts.  Passwords for each site or account should be unique, long, and strong.  Learn more about creating strong digital passwords.
  2. Enable 2-step verification on your Nest account. This will help ensure that if your Nest password is ever compromised, there is still one additional layer protecting your cameras and accounts.

Bottom line, Nest is not to blame for poor cyber hygiene.  Unfortunately, properly securing IoT devices is something that a lot of users don’t know they need to do – so the responsibility of securing devices falls on the user.

That said, Nest probably could do more to stress the importance of enabling 2-step verification on accounts or going a step further and making 2-step verification a hard requirement for Nest accounts.

IoT Security

Whenever you introduce an IoT device into your Home, you are taking a risk because any Internet-connected device can potentially be compromised.  However, if you take proactive steps to change default credentials and add additional layers of security (e.g. 2FA/MFA) to your accounts, IoT devices can be safely used in your home.