Hacked Nest camera warned of North Korean 'missile attack,' family says

There are ballistic missiles headed to three American cities and President Trump has been moved to a secure facility.

That’s the highly disturbing message that Laura Lyons and her family received on Sunday in Orinda, Calif. Unsure of what to do, they comforted their son and tried to find media confirmation of the supposedly impending attack.

It warned that the United States had retaliated against Pyongyang and that people in the affected areas had three hours to evacuate,” Lyons told the Mercury News. “It sounded completely legit, and it was loud and got our attention right off the bat.  It was five minutes of sheer terror and another 30 minutes trying to figure out what was going on.”

Closer scrutiny revealed that the blaring sound was coming from their Nest home security camera, which was situated on top of their television.


A manager at Nest told the family they were likely victims of a "third-party hack," which allowed someone to access their camera and its speakers with a compromised password.

"These recent reports are based on customers using compromised passwords (exposed through breaches on other websites). In nearly all cases, two-factor verification eliminates this type of security risk," a spokesperson for Google, which owns Nest, told Fox News via email.

Lyons told the newspaper that she wasn't aware the device had speakers and a microphone, and she disabled them shortly after the incident.


The Google spokesperson continued: "We take security in the home extremely seriously, and we’re actively introducing features that will reject comprised passwords, allow customers to monitor access to their accounts and track external entities that abuse credentials."

As more people use devices like Nest, Amazon's Alexa and Google Home, and as tech companies push the notion of smart homes with a range of connected appliances, hackers and other bad actors will try to exploit technological vulnerabilities. According to a study from computer scientists at The College of William and Mary, home devices like smart plugs and light bulbs could provide an easy entry point for hackers.

Sure enough, incidents of data breaches have become much more commonplace.

Back in December, a family in Houston told The Washington Post that they heard a stranger's voice spewing "sexual expletives" through a baby monitor in their infant's room. Like something out of a horror movie, when they turned on the lights, their Nest security camera activated and the voice told them to turn off the lights before threatening to kidnap their child.

In November, a man who is part of a collective of so-called white-hat hackers, Hank Fordham, hacked into an Arizona man's Nest security camera. His goal, he told Vice, was to warn people that their accounts may not be so secure.

According to Vice: "If you use the same email and password to log in to multiple accounts, a hacker can easily gain access to them just by popping in credentials leaked in a previous breach. There is even software that will automatically try the logins of all the users in a dataset to find which ones work."

A gigantic set of data that included 772 million unique email addresses and 21 million unique passwords was exposed on a hacking forum earlier this month, detailed by security researcher Troy Hunt, who maintains Have I Been Pwned -- which allows you to see whether your particular passwords or emails have been compromised.

A week ago, a cybersecurity researcher discovered that millions of FBI files, social security numbers and sensitive emails were leaked from the Oklahoma Securities Commission because the data was left "unprotected." In November, Marriott International admitted that the personal details of up to 500 million guests had been exposed due to a breach of its guest database. Early last year, the credit reporting agency Equifax said the data breach it had previously announced was worse, impacting at least 147.9 million people.

In one of the largest data leaks in Germany's history, a 20-year-old hacker exposed the private information of 900 public officials.