Never let the truth get in the way of a good headline, they say. (And I should know — I've been writing headlines for 20 years.)
But if the following headline from the San Jose Mercury News sounds just a little too sensational, you're right. It is.
"5 minutes of sheer terror": Hackers infiltrate East Bay family's Nest surveillance camera, send warning of incoming North Korea missile attack"
That's a mouthful. And it's also incorrect.
The story, as you might have surmised by now, involves some Nest cameras and someone who shouldn't have gaining access to them. But the first question you need to ask (and presumably a reporter needs to ask) is how did someone gain access to the hardware.
In this case, the camera owner's account was compromised. If I have your email and password and can log into your Nest account, I can say whatever I want through your Nest devices' speakers. That's how they work.
Sure, folks probably were terrorized for 5 minutes. But nobody infiltrated anything. They came in through the front door.
We cannot (and should not) blame the victim here. This is a pretty awful attack, even if it ultimately didn't do any physical damage. (Though who knows how long the lurkers were lurking and what they might have seen and heard through the cameras.)
But it's once again another example of why password hygiene is so important. Unique passwords must be used. Password managers should be employed. Two-factor authentication must be used whenever it's available. (Nest has 2FA at the account level, but it only uses SMS tokens, which aren't as secure as folks would like to think. It's also optional and not on by default.)
The internet (and the next-generation Internet of Things) was not built with security in mind. It's up to us to protect ourselves.
Sign up for Black Friday email alerts!
Get the hottest deals available in your inbox plus news, reviews, opinion, analysis and more from the Android Central team.