Can a Nest Secure Doorbell Be Hacked?


Recently, we discussed whether the Ring video doorbell is hackable. While that piqued your interest, you’ve been thinking of getting a Nest instead. As a Google product, you may feel a little more confident in the security of your Nest video doorbell, but is that confidence misplaced? Do you really have to worry about hacking if you have a Nest?

Nest is certainly not hack-proof, as unscrupulous characters have broken into the video doorbell system many a time. In fact, the problem got so bad in 2019 that Google even emailed Nest owners and advised them to go through their security settings and upgrade them. Google also suggested a password change.

If you just bought a Nest, take a deep breath. Video doorbells are a common target for hackers, but it doesn’t mean you have to be the next victim. In this article, we’ll cover instances of Nest hacking as well as talk about how to avoid the same thing happening to you. Keep reading, as you’re not going to want to miss it.

Can a Nest Secure Doorbell Be Hacked?

First, let’s get into the meat of the matter, the hackability of the Nest video doorbell. Like almost any of the doorbell products on the market these days, yes, hackers can break into your Nest.

According to a 2019 article in The Washington Post, there are two reasons for that. The first is that new software for hacking into video doorbell systems is being created all the time. That makes it simple for anyone, even a person without a whole lot of technological savvy, to hack a Nest.

Further, Google has turned a semi-blind eye to the issue, and this has been done on purpose. If Google suddenly made the Nest as secure as Fort Knox, then this would have a twofold effect. For one, all preexisting customers would wonder why there are suddenly such tight security measures in place when none existed before. Also, potential new customers might be turned off by all the hoops they’d have to jump through just to use the Nest.

Considering the wealth of video doorbell competition on the market, Google’s would-be customers would easily find another security solution for their home while Google would lose out on money.

Instead, the company follows in the footsteps of a lot of other video doorbell manufacturers and takes reports of hacking on a case-by-case basis.

Instances of the Nest Doorbell Being Hacked

Video doorbell hackings, while they do happen, tend to be isolated incidents. A few here, then several months pass, and maybe a few more there. That’s not exactly what happened with the Google Nest in 2019. The video doorbell got hacked several times.

Let’s take a look at the hacking incident mentioned in The Washington Post article we linked you to in the last section. The article begins with a story about the Thomas family in California. The mother, Tara Thomas, said her daughter claimed to have a monster in her bedroom. While Tara initially dismissed her daughter’s concerns as nightmares, she soon discovered her daughter was correct.

Hackers had gotten into the Nest in the daughter’s bedroom and were talking to her and playing pornography. It was a vile hacking, but not the only one.

In a 2019 post from Security Sales & Integration, we get the tale of a Milwaukee-based woman named Samantha Westmoreland, who also owned a Nest. First, her thermostat began raising way high, like 90 degrees Fahrenheit. Then she heard inappropriate music from her Nest, which she realized had been hacked.

There’s also this article in the Chicago Tribune about Jessica and Arjun Sud and their young son. When they were tucking him into bed one night, the parents heard what sounded like a man talking to their son through their Nest. Not just talking, of course, but cursing and using vulgar slang. Like the other instances of Nest hacking, this also took place in 2019.

Why Was 2019 Such a Bad Year for the Google Nest and Hacking?

The problem was so extensive that, that same year, Google emailed all its Nest users with a warning to update their settings. This was reported in a piece on Popular Mechanics. Not only did Google ask its userbase to get new passwords, but to add two-factor authentication to their accounts if they didn’t already have it.

Now, you may wonder, with three high-profile incidents of hacking in one year, did Google have a serious problem on its collective hands? No, and that’s the surprising part.

There was no Nest breach. The reason the above hackings occurred was the same reason we wrote about in our article about the security break-ins of the Ring video doorbell. That is, a little hacking concept known as credential stuffing.

Never heard of credential stuffing? Here’s an overview.

If a website in which you’re a member is ever breached, then your login information could get leaked or sold into the hands of criminals. Once these bad characters have your username and password as well as the login info of thousands (sometimes millions) of your fellow consumers, they try applying the login information on other sites.

Most of the time, this doesn’t work, but then again, the hackers don’t know which sites you use. If they happen to get a login right though, then they can now gain access to your account, such as through Ring or Nest. This allows them to do all the horrible things the families above have experienced via hacking.

What Can You Do to Stay Safe from Hackers?

Alright, let’s say you believe your Nest video doorbell was hacked. The first thing you want to do is get in touch with Google. They’re probably going to tell you to update your password and your security features like in this forum post here, but at least the company is now aware of the issue.

Without a major breach, Google’s assistance will probably only go so far. That means it’s on you, the consumer, to be savvier in the future when it comes to avoiding hacking. Here are some great tips for getting started.

Keep Your Password to Yourself

Nest lets you add family members to the video doorbell, which grants them access to certain features, such as thermostat usage. You can include your family by their email addresses or even directly from your contacts list.

Either way, there’s no need for the entire family to know the login credentials for your Nest video doorbell. If you’re the main account holder, then keep your password a secret to everyone but yourself. Your spouse/partner and the kids can still use Nest without separate accounts, so why would they need to have your login info?

After all, the more people who are aware of your username and password, the greater the chance the information could get spread, even by accident. Then it’s just a matter of a hacker finding your login credentials and using them and voila, they’re in your Nest and can do whatever they want with it.

Avoid Reusing the Same Password

In a similar vein, please don’t keep repeating the same username and password from one website to another. According to computer security company Norton, in 2019, there were four billion recorded breaches, and that was only for half the year. Norton even says, “data breaches have run at a record pace in 2019.”

As consumers continue to rely on the Internet for more and more facets of their everyday lives, we can expect an upward trend in breaches. All it takes is one company you’re a member of to have a breach and then your information is out there.

If you use a different login for each website you’re a part of, then you can minimize the damage. Yes, your info got into the hands of hackers, maybe even sold to them, but they cannot use it for any other site because you change your logins from site to site.

Now imagine if you have the same login for each site. A hacker could theoretically get into your Nest, sure, but not only that. They could also gain access to your bank account and other personal details you do not want anyone else having.

We’ll admit it’s a pain to remember a dozen different passwords, but it beats the pain of having to rebuild your finances or even your life after a major hacking.

Always Turn on Two-Factor Authentication

Two-factor authentication used to be optional, but more sites and services are mandating you use it when registering. Also known as multi-factor authentication, this is a means of proving it’s really you in two or more different ways.

Since we talked about your bank account before, let’s use it as an example now. Each time you go to your bank’s ATM, you use two-factor authentication. First, you have to put your credit or debit card in. Then, you have to input your ATM password. Failing to do both correctly would get you shut out of your account, as you might be a fraudulent user.

Two-factor authentication doesn’t have to be scary or annoying. When a company uses it, it’s for your security and protection. Thus, you should turn it on automatically. Oh, and two-factor authentication is a great way to prevent credential stuffing, by the way, which can also keep your Nest video doorbell free of hackers.

Conclusion

The Nest secure doorbell, a Google product, had a really bad year in 2019. Many hackers broke into users’ cameras. Nest suffered no breach, but rather, attributed the problem to reused passwords and hackers engaging in credential stuffing.

By using different passwords on each site/service you sign up for, not sharing your login information, and always turning on two-factor authentication, you can keep dangerous hackers at bay. This applies not just to your Nest, but other areas of your life as well. Best of luck!

 

Recent Posts