This really irks me

So family gets Nest cameras. Family exposes cameras to the internet. Family uses compromised usernames and passwords. Family is aghast that said username and password was used to "hack" their camera. Family blames Google and and what will Google do to remedy the situation. Google answers secure your password and use two-step authentication. Family abhorrent to idea of doing something to secure their devices. Family swears off using Google Nest cameras.

Future-telling: Family gets another internet camera, lather, rinse, repeat.

Cause you know the problem was with Google not caring and the problem is not them!

5 Likes

There are always people not willing to reflect anything on to themselves. And it's always easy to blame somebody or something else.
Normally those people don't really accomplish anything in life worth talking about. :joy:

2 Likes

I have had my Google accounts secured with FIDO security keys for more than 4 years and recently removed SMS as a second factor (the least secure method). It always bothers me when cloud based services don't include SFA and couldn't understand why people would use IFTTT. IFTTT does now use SFA but I still have trouble reconciling the possible ways someone could manipulate things if they got access to an IFTTT account.

1 Like

I wish more sites would support FIDO. I've been using Yubikeys for a couple of years now. I complained to my bank and they actually got me an RSA Token. I don't like having another token but at least they understood the concept.

2 Likes

Banks and bank customers are a real curiosity when it comes to security. I am glad you were able to get the token but it shouldn't be the result of a special request. Text messages and email just aren't adequate and a slip of any kind can easily be a huge financial unresolvable burden.
My better half is privy to some FBI and Homeland security stuff, some of which she can share. It is almost beyond scarry, the things that we are up against. We should all be demanding everything be FIDO enabled.

1 Like

I'm well aware - totally agree.

1 Like

Wow, there have been several threads that shared articles about nest cams or thermostats being “hacked” but this is the first one I’ve read by a nest user that actually admitted the problem was reuse of compromised account credentials.

How does this person acknowledge that was the root cause of the system intrusion, and still blame google?

If I leave a key under a rock outside my house, but I also put up a sign that says “there’s a key under this rock,” I can’t blame the company that made the key or the lock when someone decides to use that information to walk right through my locked door.

1 Like

I agree @marktheknife. I also feel that because of these types of articles is why Google is making the decisions they are to close things off. Your average camera user thinks it is ok to just use the default credentials. I still think Google is going about it wrong though. Though Google should make it so the camera is setup without the defaults credentials and with two-step authentication.

I feel like these stories are used to justified Google close garden approach, when it isn't the necessary solution to the problem.

I still think people are just not taking enough time to invest in knowledge about the things they do / use. How many people take the time to fully read the whole manual, disclaimer / warnings? Because if they would, they would know it's dumb to complain about it.

On the other hand, Google could have think about this in another way before releasing it. They create a "simple" product targeted for the average Joe and them think he / she will take care of security themselves? Stupid to think that. Since all product Google create send some sort of data to their servers they could have easily said "if cloudserver connected, 2-step authentication mandatory. Else basic authentication possible". Something like that would have easily prevented most of these cases, IMHO.