Anonymous hacker hijacked an IoT security camera to advise user about security risks

• A white hat hacker claiming to be a part of the Anonymous Calgary Mindhive hacked a Nest security camera owned by a man in Phoenix, Arizona to warn him of its security risks.
• Users are advised to change their passwords and set up two-factor authentication.

The explosion in the number of IoT devices has long been a security nightmare for its users as well as the companies that produce them. In a shocking turn of events, from a man who installed a Nest security camera in his home in Phoenix, Arizona recently, found a hacker’s voice talking to him from it.

Security camera lacking in security

Andy Gregg, who is a real estate agent living in Arizona, told the Arizona Republic that he heard a voice coming from his Nest Cam IQ security camera a few weeks ago when he was in his backyard. Gregg said his first thought was that someone had broken into and entered his home, however, he was soon surprised to find out that the voice was coming from his Nest security camera in his front window.

The hacker claimed to be a white hat hacker and a member of the Canadian group Anonymous Calgary Mindhive, in the voice message he relayed to Gregg. The conversation between Gregg and the hacker can be seen in the video recorded by Gregg.

“We don’t have any malicious intent, but I’m just here to kind of let you know so that no one else, like any black-hat hackers, follow. There are so many malicious things somebody could do with this,” the hacker told Gregg.

The hacker advised Gregg to use two-factor authentication to avoid compromise even if his password is exposed. In this case, the hacker found the password used by Gregg which allowed him to login to the camera.

Though he had not gained access to the images taken from the security camera or Gregg’s exact location, the hacker warned him that a malicious actor could geo-locate his IP address to track his whereabouts and cause further damage.

A call for caution

Many people use a common password across many websites and online services. When any major site gets exposed in a data breach, the login credentials of millions of users get exposed. These credentials are then often sold on the dark web to cybercriminals who use them to exploit other accounts of those users where they may have used the same password.

In 2017, a security researcher had discovered a flaw in Nest’s security cameras that let an attacker remotely disable the cameras. Nest said that vulnerability has been addressed. In their official statement, Nest told the Arizona Republic that it was aware passwords stolen in hacks of other companies have been used to access its cameras. They recommend the users to use unique passwords and set up two-factor authentication.

Gregg learned a valuable lesson from this incident and advised others to exercise caution as well.

“I have a ton of clients in real estate that use these things to watch their kids. They'll watch their living rooms, they'll keep them all over the house for their protection. But these hackers can go in there, and if they can watch your kids while they're sleeping or changing, just think of what they can do with that,” he said.

It is also worth noting that this was not the first instance of a Nest security camera getting hacked. Earlier this year, an indoor camera used a New York family was reportedly hacked by someone to talk to their 5-year old son. They were not even aware of since when the camera had been compromised before being discovered by their son.

How to protect yourself?

The first step any user can take to protect their devices from getting hacked is to use different and strong passwords in their various online accounts. In order to manage all the passwords, using a password manager is the best option.

Secondly, users should always employ two-factor authentication whenever available for any online account to prevent exposure even if their password is leaked. Furthermore, it is advisable to carefully consider the security risks before purchasing any IoT device like a Nest security camera.