Home-security systems might be effective at keeping physical intruders out. But they are also liable to hacking.
The Washington Post reported last month on a particularly horrifying digital nightmare. A woman, Tara Thomas, told the newspaper that a hacker accessed the Nest Cam video baby monitor for her child last August, playing recordings of pornography to the three-year-old girl as she tried to sleep.
Nest responded to the reports through a statement in January, saying that “Nest was not breached” and “the recent reports are based on customers using compromised passwords.”
Passwords can become “compromised” through any number of ways. Failing to differentiate passwords between accounts is one of them. Dashlane, a password security firm, found that 52 percent of 28 million internet users either reuse or slightly modify their passwords across different accounts.
Hackers can obtain compromised passwords through shared software. One such program, Snipr, costs $20 to download. It employs a hacking technique called “credential stuffing,” which, according to Cloudfare, uses “credentials obtained from a data breach on one service…to attempt to log in to another unrelated service.”
Companies have to strike a balance between security and convenience. While heightened security measures such as Captchas, two-factor authentication, and SMS codes reduce vulnerability to hacking, they pose an inconvenience for users and deter them from using the platforms.
Nest makes two-factor authentication available to customers and urges them to use it. Not all do, however. Hank Fordham, a security researcher, told the Washington Post that he could enter thousands of Nest accounts using Snipr, enabling him easy access both to house thermostats and video cameras.
Image from Pexels.com