Best Top Reviews Online

Nest Cams Hijacked in the Name of PewDiePie and North Korea Pranks

In separate incidents, hackers terrorize camera owners by taking advantage of poor password hygiene.

DOZENS OF NEST camera owners were contacted this week by a disembodied voice urging them to subscribe to PewDiePie’s YouTube channel. A voice from a Nest security camera informed a family of three on Sunday that North Korean missiles were on their way to Ohio, Chicago, and Los Angeles. A couple was startled out of bed in December when they heard sexual expletives coming from their baby’s room through a monitor. Then, on their Nest cameras, they heard a hacker say, “I’m going to kidnap your baby, I’m in your baby’s room.”

Hackers accessing live feeds from video baby monitors have been the epitome of internet of things security woes for years. However, this new wave of startling webcam takeovers serves as a stark reminder that the IoT crisis is much broader—and far from over.

Laura Lyons of Orinda, California, and her family called 911 before realizing they’d been pranked in the case of the hoax North Korean missile strike, first reported by the Mercury News. A hacker used a username and password combination found in a previous data breach to gain access to the Lyons’ Nest account and control of their internet-connected camera. “I want other people to understand that this can happen to them,” Lyons told the Mercury News.

While it appears to be a one-time occurrence, the weak—or often nonexistent—credentials that protect routers, networked printers, and webcams represent a widespread crisis. It is frequently simple for attackers to obtain the keys to the kingdom. They can then infect devices with malware to monitor web traffic, or they can conscript devices into larger collective computing armies known as botnets. They could also play North Korean missile pranks.

“As the benefits and hype surrounding IoT grows, challenges in securing these systems may be overlooked. I could go on and on about the issues “says Jatin Kataria, a research scientist at Red Balloon, an embedded device security firm. “This is not the last report of this type we will see.”

“A house has windows, but we also use curtains for privacy. The same is true for IoT devices.” – RED BALLOON, JATIN KATARIA

The fact that Nest devices were targeted is particularly telling. In comparison to low-budget IoT companies that don’t prioritize security, Nest has strong defenses, such as consistent HTTPS web encryption and additional cryptographic protections for video streams. In addition, the company does not hardcode administrative credentials, which is a relatively common practice that allows attackers to look up a single password and use it to access every unit of a device they can find.

However, regardless of how difficult it is to hack a Nest camera via a vulnerability, attackers can still find ways to steal passwords and essentially waltz through the front door. According to Nest, attackers in this recent wave of incidents discovered compromised credentials in breaches and then reused them on other accounts.

Motherboard reports that in the case of the PewDiePie fan, the hacker known as SydeFX has compromised thousands of Nest cameras by using this login matching technique, also known as “credential stuffing.”

Similar elements were present in the December baby monitor incident in Houston. Following their justified shock, parents Ellen and Nathan Rigney turned off all devices and Wi-Fi in their home while they called the police and attempted to figure out what was going on.

“Nest was not breached,” Google-owned Nest said in a statement in response to questions about the North Korean missile fraud. “These recent reports are based on customers who used weak passwords (exposed through breaches on other websites). Two-factor authentication eliminates this type of security risk in almost all cases.”

Enabling two-factor authentication means that even if an attacker discovers your account password, accessing the account will be difficult. Unless you are personally targeted or are drawn into a two-factor phishing scheme, the additional security will be adequate. While Nest provides two-factor authentication, it is not enabled by default. Nest also confirmed on Tuesday that it is implementing a permanent feature that will prevent owners from using passwords that were previously exposed in a known breach to protect their Nest accounts.

“We can achieve security through depth right now until IoT defense becomes more mature,” Red Balloon’s Kataria says. This includes taking as many precautions as possible, such as using strong, unique passwords and enabling two-factor authentication when available to protect IoT devices. Kataria adds that he takes extra precautions at home, such as quarantining his IoT devices on a separate Wi-Fi network. Even if you don’t want to go that far, he recommends adding as many protective layers as possible.

“A house has windows, but we also use curtains for privacy,” says Kataria. “The same is true for IoT devices. Make it more difficult for the attackers to carry out their evil plans.”

Why Trust Us?

Best Top Reviews Online was established in 2018 to provide our readers with detailed, truthful, and impartial advice on what to buy. We now have millions of monthly users from all over the world and annually evaluate over a thousand products.

The above article was written by the BestTopReviewsOnline team, which consists of some of the most knowledgeable technical experts in the United States. Our team consists of highly regarded writers with vast experience in smartphones, computer components, technology apps, security, and photography, among other fields.

Related Stories

  • All Post
  • Best Picks
  • Explainers
  • How To
  • News
  • Versus
Ransomware Attacks Are Growing

August 26, 2022

Lockbit is by far the most prolific ransomware group this summer, followed by two Conti offshoots. Following a recent decline, ransomware attacks are once again on the rise. According to data released by NCC Group, old ransomware-as-a-service (RaaS) groups are…

Get more info

Deals

Reviews

Best Products

Buying Guides

Contact Us

About Us

We provide a platform for our customers to rate and review services and products, as well as the stores that sell them. We research and compare the most popular brands and models before narrowing it down to the top ten, providing you with the most comprehensive and reliable buying advice to help you make your decision.

Disclaimer

BestTopReviewsOnline.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com. As an Amazon Associate I earn from qualifying purchases.

 

Address & Map

20 S Santa Cruz Ave, Suite 300, Los Gatos, CA 95030, United States

© 2022 BestTopReviewsOnline.com Pty. Ltd. All Rights Reserved. Licensing: All third-party trademarks, images, and copyrights used on this page are for comparative advertising, criticism, or review. As this is a public forum where users can express their opinions on specific products and businesses, the opinions expressed do not reflect those of BestTopReviewsOnline.com.