Imagine watching TV one day and hearing an alert that says that ballistic missiles were headed from North Korea to Los Angeles, Chicago and Ohio. The alert said that people had three hours to evacuate.
Ignore for the moment the fact that Russian TOPOL ballistic missiles can travel at up to 15,000 MPH, so it would cover the 6,000 miles from Korea to the U.S. in much less than 3 hours.
In this case, the bigger issue was that the football game on TV was not interrupted and there was nothing on CNN. That’s when the family that heard the message freaked and eventually figured out that the so called alert was coming from their NEST surveillance camera on top of the TV.
Google, which owns NEST, said that it was the family’s fault – probably not changing the default password.
So what should you be doing?
This is part of a bigger problem with Internet of Things security, which currently is a disaster. IoT security in general is really poor and people are buying IoT devices and not securing them.
First thing, I would reconsider placing a surveillance camera in your living room on top of your TV or in your kid’s bedroom. I have heard horror stories of people doing that and pervs watching their kids doing who knows what while wearing … After all, people are not always fully dressed inside the house.
Google laid the blame for this on the owner. Said they should use two factor authentication. How many people understand that? I looked at the NEST camera installation page on their web site (here) and do not see anything obvious about turning on two factor authentication. Why? Because it complicates things which means more support calls which means lower profits, so I think NEST is being disingenuous here. Gee, that is a surprise.
All IoT vendors need to step up to the plate when it comes to security, making it as easy as possible and understanding that they might get more support calls. California just passed an IoT security law that will require vendors to improve security if they want to sell their devices in California.
On the other hand, consumers who buy IoT devices need to understand that they are responsible as well and take appropriate steps, even if that means a little more work for them.
In this case, this one family had 30 minutes of freak-out time. It could have been a lot worse. Source: CSO Online ,