Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacker Spoke To Baby and Hurled Obscenities At Couple Using Nest Camera, Dad Says (cbsnews.com)

Posted by BeauHD on from the unseen-intruders dept.

pgmrdlm shares a report from CBS News: An Illinois couple said a hacker spoke to their baby through one of their Nest security cameras and then later hurled obscenities at them, CBS station WBBM-TV reports. Arjun Sud told the station he was outside his 7-month-old son's room Sunday outside Chicago and he heard someone talking. "I was shocked to hear a deep, manly voice talking," Sud said. "My blood ran cold." Sud told WBBM-TV he thought the voice was coming over the baby monitor by accident. But it returned when he and his wife were downstairs. The voice was coming from another of the many Nest cameras throughout the couple's Lake Barrington house. "Asking me, you know, why I'm looking at him -- because he saw obviously that I was looking back -- and continuing to taunt me," Sud said. Later that night, Arjun Sud noticed the Nest thermostat they have upstairs had been raised to 90 degrees. He suspected the hacker was behind that too. Nest's parent company, Google, said in a statement that Nest's system was not breached. Google said the recent incidents stem from customers "using compromised passwords exposed through breaches on other websites."

10 of 106 comments (clear)

  1. I may be a luddite by Major_Disorder · · Score: 5, Interesting

    But I am sure as hell not letting anyone adjust my thermostat over the internet, or watch me (WHATEVER) either.

    --
    First law of people: People are generally stupid.
    1. Re:I may be a luddite by 110010001000 · · Score: 3, Funny

      Luddite!

    2. Re:I may be a luddite by stephanruby · · Score: 4, Interesting

      ..but as your sig so fortuitously put it... well, people are stupid.

      Yes, it could be that.

      But let's remember, Uber gave the exact same excuse.

      We haven't been hacked. It's our users who have been re-using the same passwords.

      And two years later, it turns out that Uber did have a massive breach that they knew about, but that they didn't want to admit to anybody.

    3. Re:I may be a luddite by TigerPlish · · Score: 4, Insightful

      But let's remember, Uber gave the exact same excuse.

      We haven't been hacked. It's our users who have been re-using the same passwords.

      Oh, the stupid I was thinking of wasn't the reuse of passwords, it was the mere act of inviting these insecure iot contraptions into the home.

      --
      The "Civilized World" jumped the shark ca. 1973.
    4. Re:I may be a luddite by GrumpySteen · · Score: 4, Funny

      You'll never make a living as a cam whore with that attitude.

    5. Re:I may be a luddite by Askmum · · Score: 5, Informative

      If you reuse passwords - and even if you don't - https://haveibeenpwned.com/ can be pretty useful.

      It's only marginaly usefull. Yes, I have been pwned, my email address is listed in the "Anti Public Combo List".
      So? With what password? I have to use my email address at many sites to log on and of course I do not reuse my passwords, so one of them is compromised. It doesn't tell me which. So I don't know which password to change.

  2. Password Reuse by GavrielPlotke · · Score: 5, Funny

    https://xkcd.com/792/

  3. So the guy had a weak password by PhrostyMcByte · · Score: 3, Insightful

    Yea, this is a bit of the owner's fault, but it seems like Nest could be a doing better job helping their customers secure their systems. Something like this happening wasn't an if, but a when.

    Considering how sensitive this kind of system is, I would expect Nest to have some really simple security features like basic access logs, notifying you of (and maybe blocking) unknown IPs, required 2FA, etc.

    This is why I'd never opt for some 3rd party managed system in my own home.

  4. Re:This is funny as hell by Tablizer · · Score: 3, Funny

    He blew an opportunity:

    1. Make the baby "cry" when it's not really crying to mess with the parents.

    2. Make the baby say phrases that borderline actual English and random baby gibberish. "I make doody shaped like Daddy's head" and the like. The parents will look at each other and go, "Did I hear what I think I heard?"

    3. Have the baby fart loudly when guests are over.

    --
    Table-ized A.I.
  5. Cloud services by Bert64 · · Score: 3, Informative

    Devices like this should be standalone, not tied into an external cloud service...
    You the owner of the device should decide exactly who has access, and be ultimately responsible if you choose weak passwords or fail to further protect the system with an additional layer such as a VPN.

    I have CCTV at home, it requires that i first connect to a VPN in order to access it from outside. The cameras themselves are probably horrendously insecure, but they don't connect directly to the internet and are only accessed through a VPN which is actively maintained and gives me a reasonable level of confidence that noone other than myself has access.

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!