“5 Minutes of Sheer Terror”: Hackers Send Family Incoming Nuclear Missile Alert
By Elias Marat
It was just another Sunday afternoon for the family of Laura Lyons until the unthinkable happened.
Suddenly, something akin to a war broke out in the Orinda, California home when a loud screeching noise resembling the emergency broadcast alert siren began blaring throughout the living room, warning Lyons, her husband and their eight-year-old son that intercontinental ballistic missiles were headed toward Los Angeles, Chicago and Ohio, requiring that they scramble for cover.
The mother and her husband were frozen in shock, standing there as their son crawled underneath the rug. As the warning continued, the NFC Championship football game they were watching continued on uninterrupted.
Eventually, after several tortured minutes of raced thoughts – where will we go, do we pack up the dog, do we flee by car, do we have enough cash to make it through this emergency? – the couple realized that the announcement was coming from their Nest Cam.
Lyons told Mercury News:
It warned that the United States had retaliated against Pyongyang and that people in the affected areas had three hours to evacuate … It sounded completely legit, and it was loud and got our attention right off the bat. … It was five minutes of sheer terror and another 30 minutes trying to figure out what was going on.
She eventually decided to call the customer service hotline for Nest, a subsidiary of Google. Company representatives informed her that her family had been the victim of a “third party hack.”
Lyons is upset that her privacy was so easily breached, allowing for the traumatic episode to occur.
“They have a responsibility to let customers know if that is happening,” she commented.
“I want to let other people know this can happen to them.”
Nest is among a growing suite of products that Google, as well as companies like Apple, Amazon, Samsung and smaller brands, are hoping to use to spearhead the transformation of regular homes into “smart homes” brimming with appliances, gadgets, and other hardware connected to the Internet and fully controllable by phone or computer.
But the Lyons’ experience has shown the flipside of the so-called “smart” future and its potential for abuse by private corporations, state security agencies and hackers alike.
Privacy watchdog group the Electronic Frontier Foundation has warned about the “intimate placement in our lives” of these smart home hubs and how they collect a wealth of data on an ongoing basis, noting:
Smart home hubs, including those from Google and Amazon, reserve the right to share data collected from their products for advertising, as well as with companies who make the apps or skills you install on those devices. In Google’s case, it will use data from Home to ‘show you ads that are relevant and useful.’
Many devices are easily exploitable, with hackers able to use stolen or poorly-secured passwords to log in and take control of the devices or to simply enjoy unhindered access. Consumers are often not tech-savvy enough to secure their devices with a set of complicated passwords or features like two-factor authentication, and the companies selling their devices have done precious little to educate consumers.
The Nest Cam has come under attack more than once. In December, an Arizona real estate agent had his camera hijacked by an ethical “white hat hacker” who warned him of the device’s vulnerabilities and read him his passwords that had been used for the device and numerous other websites. In another case, a couple was told through the device that their infant child was about to be kidnapped.