Never let the truth get in the way of a good headline, they say. (And I should know — I've been writing headlines for 20 years.)
But if the following headline from the San Jose Mercury News sounds just a little too sensational, you're right. It is.
"5 minutes of sheer terror": Hackers infiltrate East Bay family's Nest surveillance camera, send warning of incoming North Korea missile attack"
That's a mouthful. And it's also incorrect.
https://twitter.com/mdrndad/status/1087861524738334721ORINDA — Laura Lyons was preparing food in her kitchen Sunday when the lazy afternoon took a turn for the absurd. A loud squawking — similar to the beginning of an emergency broadcast alert — blasted from the living room, the Orinda mother said, followed by a detailed warning of three North Korean intercontinental ballistic missiles headed to Los Angeles, Chicago and Ohio.
"It warned that the United States had retaliated against Pyongyang and that people in the affected areas had three hours to evacuate," Lyons said Monday. "It sounded completely legit, and it was loud and got our attention right off the bat. … It was five minutes of sheer terror and another 30 minutes trying to figure out what was going on."
The story, as you might have surmised by now, involves some Nest cameras and someone who shouldn't have gaining access to them. But the first question you need to ask (and presumably a reporter needs to ask) is how did someone gain access to the hardware.
In this case, the camera owner's account was compromised. If I have your email and password and can log into your Nest account, I can say whatever I want through your Nest devices' speakers. That's how they work.
Sure, folks probably were terrorized for 5 minutes. But nobody infiltrated anything. They came in through the front door.
How to set up two-factor authentication in your Nest app
We cannot (and should not) blame the victim here. This is a pretty awful attack, even if it ultimately didn't do any physical damage. (Though who knows how long the lurkers were lurking and what they might have seen and heard through the cameras.)
But it's once again another example of why password hygiene is so important. Unique passwords must be used. Password managers should be employed. Two-factor authentication must be used whenever it's available. (Nest has 2FA at the account level, but it only uses SMS tokens, which aren't as secure as folks would like to think. It's also optional and not on by default.)
The internet (and the next-generation Internet of Things) was not built with security in mind. It's up to us to protect ourselves.

Facebook and Oculus: A rough history that’s becoming a glowing future
There's no denying that Facebook and Oculus have gotten off to a rocky start in the eyes of some Oculus Quest 2 buyers. There are even a number of people that won't buy Oculus products because of Facebook's involvement, but is Facebook really the bad guy?

Android 12 is coming sooner than you think — here's what we know so far
What's next for the latest version of Android? From rumored features, interface changes, availability, and more, here's everything we know so far about Android 12!

Here's why Samsung should have launched a Galaxy S21 mini
The era of the small phone may never come again, but there's still plenty of money to be had if Samsung is willing to give us another diamond in the rough like the Samsung Galaxy S10e. We just have to look behind the annual cycle and broaden our horizons.

The best smart locks that support Google Home and Assistant in 2020
Smart locks are great tools for keeping your home safe, and if you've got a Google Assistant speaker, these ones can be controlled by just using your voice.