Nest Labs, the US manufacturer of smart home products is reported to have been locking some customers out of their accounts over possible password breaches.
Nest Labs (founded by iPod inventor Tony Fadell and purchased by Google back in 2014) is a manufacturer of smart home gadgets, including thermostats, cameras, a video doorbell, a smoke and CO2 alarm, and the Nest Aware system where customers can monitor all activity at their home via an app.
Nest has recently been the subject of several hacks e.g. there have been reports of Nest cameras being hacked, such as the family in Northern California who reported their camera giving a message (from hackers) warning them of a fictional North Korean missile attack. Also, more recently in the US, on Superbowl Sunday, a mother reported an unknown male hacker talking to her 5-year-old son through the Nest security camera in his bedroom.
Advice From Google
In the light of the increase in hacks, in the early part of February, Google emailed out a warning to the owners, urging them to secure their login credentials with measures such as two-factor identification and stronger passwords. In the email, Google said that there hadn’t been a breach, but that it was simply reminding users that breaches are possible and that there are measures they can take to help protect themselves and get the most out of Nest products.
Google says that the recent reports of hacks are based on customers continuing to use compromised passwords i.e. passwords that have been exposed through breaches on other websites, and probably shared and sold-on among the hacking fraternity.
The lock-outs of accounts that some customers are now experiencing appear to be strong reminders from what is essentially a security app to those who are known to still be using compromised passwords and who haven’t yet set-up 2-factor authentication, that now is the time to address these issues.
One added bit of motivation to do so could be the relatively high monthly fees for Nest products and services that customers will be paying for nothing if they don’t act now.
Nest has also found itself in hot water recently after it was discovered that a “secret” microphone is incorporated in Google’s Nest Guard product that has not been listed in the product’s tech spec. This has led to a serious backlash, and calls from a Senator for action to be taken to help protect users from the privacy and security threat that some smart products can pose.
What Does This Mean For Your Business?
Even though these are security related products, their basic protection has been through the use of passwords. Due to the number of hacks of other sites, and the fact that people often use the same password for multiple sites, and due to the bizarre and terrifying nature of some of the hacks of Nest speakers, it is not a surprise that the company is taking strong action to try and force users to set up a secure, new password, and the extra security layer of 2FA.
This story is a reminder that it is not a good idea to use the same passwords on multiple websites, as hackers now have software to enable them to quickly try the same password details in multiple websites (credential stuffing).
Although 2FA does add another relatively solid layer of security to online accounts, Google (Nest) has said that it is also considering new security measure to prevent this kind of hacking from happening with Nest’s products again.