SoylentNews is people

Submission Preview

Nest (and other IoT devices) put lazy people at risk.. porn played to 3yo

Accepted submission by MostCynical at 2019-04-25 00:18:32 from the but-I-can't-remember-more-than-one-password dept.
Security

The Washington Post [washingtonpost.com] reports another story about hacked Nest devices.

Hackers, whose voices could be heard faintly in the background, were playing the pornography through the Nest Cam, which had been used for years as a baby monitor in a Novato, California home.

The method used to get access to the intercom feature is one of the oldest tricks on the Internet.

Hackers essentially look for email addresses and passwords that have been dumped online after being stolen from one website or service and then check to see whether the same credentials work on another site. Like the vast majority of Internet users, the family used similar passwords on more than one account. While their Nest account had not been hacked, their password had essentially become public knowledge, thanks to other data breaches.

The article continues:

But Nest’s defenses were not good enough to stop several high-profile incidents throughout last year in which hackers used credential stuffing to break into Nest cameras for kicks. Hackers told a family in a San Francisco suburb, using the family’s Nest Cam, that there was an imminent missile attack from North Korea. Someone hurled racial epithets at a family in Illinois through a Nest Cam. There were also reports of hackers changing the temperature on Nest thermostats. And while only a handful of hacks became public, other users may not even be aware their cameras are compromised.

The company was forced to respond. “Nest was not breached,” it said in a January statement. “These recent reports are based on customers using compromised passwords,” it said, urging its customers to use two-factor authentication. Nest started forcing some users to change their passwords.

This was a big step for Nest because it created the kind of friction that technology companies usually try to avoid. “As we saw the threat evolve, we put more explicit measures in place,” Sathe said. Nest says only a small percentage of its millions of customers are vulnerable to this type of attack.

So, how much should a company pander to laziness? Can 'good' security be forced on stupid and lazy people?
Is anyone going to take responsibility for their own data? (although this is already almost impossible for all but the most paranoid/vigilant types, not re-using passwords shouldn't be this hard...)
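
On the defending side, the credential stuffing described in the quoted article leaves a recognizable trace in login records: one source trying many different accounts and failing almost every time. The sketch below is an added example, not part of the submission, the Washington Post article, or anything Nest has published; the event format, thresholds, and sample data are assumptions made for illustration. It flags such sources and lists the accounts they did get into, which are the ones that would need a forced password change.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def sample_events():
    """Constructed login events: (ISO time, source IP, username, success).
    IPs come from documentation ranges (RFC 5737); every value is made up."""
    base = datetime(2019, 1, 15, 3, 0, 0)
    events = []
    # One source walks a dumped credential list: 12 accounts, one reused password works.
    for i in range(12):
        ts = (base + timedelta(seconds=5 * i)).isoformat()
        events.append((ts, "203.0.113.7", f"user{i:02d}@example.com", i == 7))
    # An ordinary user mistypes a password twice, then logs in.
    for i, ok in enumerate([False, False, True]):
        ts = (base + timedelta(seconds=20 * i)).isoformat()
        events.append((ts, "198.51.100.20", "pat@example.com", ok))
    return events

def find_stuffing(events, window=timedelta(minutes=5), min_users=10, min_fail_ratio=0.8):
    """Return {ip: accounts that ip logged into} for sources whose attempts
    inside any sliding window hit many distinct accounts and mostly fail."""
    recent = defaultdict(deque)    # ip -> attempts still inside the window
    successes = defaultdict(set)   # ip -> accounts with a successful login
    flagged = set()
    for ts, ip, user, ok in sorted(events):
        t = datetime.fromisoformat(ts)
        q = recent[ip]
        q.append((t, user, ok))
        while t - q[0][0] > window:   # drop attempts older than the window
            q.popleft()
        if ok:
            successes[ip].add(user)
        users = {u for _, u, _ in q}
        fails = sum(1 for _, _, o in q if not o)
        # Repeated failures on ONE account are a typo or a brute force attempt;
        # stuffing shows up as many accounts with a high failure rate.
        if len(users) >= min_users and fails / len(q) >= min_fail_ratio:
            flagged.add(ip)
    return {ip: sorted(successes[ip]) for ip in flagged}

if __name__ == "__main__":
    for ip, accounts in find_stuffing(sample_events()).items():
        print(f"{ip}: force reset for {accounts}")
```

A per-source threshold like this misses attempts spread thinly across many addresses, which is why the two-factor authentication mentioned in the article still matters.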

