Never let the truth get in the way of a good headline, they say. (And I should know — I've been writing headlines for 20 years.)
But if the following headline from the San Jose Mercury News sounds just a little too sensational, you're right. It is.
"5 minutes of sheer terror": Hackers infiltrate East Bay family's Nest surveillance camera, send warning of incoming North Korea missile attack"
That's a mouthful. And it's also incorrect.
https://twitter.com/mdrndad/status/1087861524738334721ORINDA — Laura Lyons was preparing food in her kitchen Sunday when the lazy afternoon took a turn for the absurd. A loud squawking — similar to the beginning of an emergency broadcast alert — blasted from the living room, the Orinda mother said, followed by a detailed warning of three North Korean intercontinental ballistic missiles headed to Los Angeles, Chicago and Ohio.
"It warned that the United States had retaliated against Pyongyang and that people in the affected areas had three hours to evacuate," Lyons said Monday. "It sounded completely legit, and it was loud and got our attention right off the bat. … It was five minutes of sheer terror and another 30 minutes trying to figure out what was going on."
The story, as you might have surmised by now, involves some Nest cameras and someone who shouldn't have gaining access to them. But the first question you need to ask (and presumably a reporter needs to ask) is how did someone gain access to the hardware.
In this case, the camera owner's account was compromised. If I have your email and password and can log into your Nest account, I can say whatever I want through your Nest devices' speakers. That's how they work.
Sure, folks probably were terrorized for 5 minutes. But nobody infiltrated anything. They came in through the front door.
How to set up two-factor authentication in your Nest app
We cannot (and should not) blame the victim here. This is a pretty awful attack, even if it ultimately didn't do any physical damage. (Though who knows how long the lurkers were lurking and what they might have seen and heard through the cameras.)
But it's once again another example of why password hygiene is so important. Unique passwords must be used. Password managers should be employed. Two-factor authentication must be used whenever it's available. (Nest has 2FA at the account level, but it only uses SMS tokens, which aren't as secure as folks would like to think. It's also optional and not on by default.)
The internet (and the next-generation Internet of Things) was not built with security in mind. It's up to us to protect ourselves.
Yes, Twitch is down right now for everyone
Having trouble with Twitch today? You aren't alone. The company confirmed via Twitter that it is investigating an issue with the website.
Eero Pro review: An excellent mesh router, but overkill for small spaces
Eero is one of the best-known names in mesh networking, and for good reason. It's a router system that's both simple and powerful, and one that makes it easy to configure as big as your house (and beyond) requires without adding needless complication.
Can Houseparty make it easier than ever to have the greatest parties?
There are a lot of different applications that make it easy to video chat with your friends and family, regardless of whether you are next door, or halfway around the world. With Houseparty, you can turn those video chats into fully-fledged parties, and it's quickly becoming more and more popular.
The best smart locks that support Google Assistant
Smart locks are great tools for keeping your home safe, and if you've got a Google Assistant speaker, these ones can be controlled by just using your voice.
