Google Criticized After Voice From 'Nest' Camera Threatens to Steal Baby (siliconvalley.com) 125
Jack Newcombe, the Chief Operating Officer of a syndication company with 44 million daily readers, describes the strange voice he heard talking to his 18-month old son:
She says we have a nice house and encourages the nanny to respond. She does not. The voice even jokes that she hopes we don't change our password. I am sick to my stomach. After about five minutes of verbal "joy riding," the voice starts to get agitated at the nanny's lack of response and then snaps, in a very threatening voice: "I'm coming for the baby if you don't answer me...." We unplug the cameras and change all passwords...
Still helpless, I started doing the only thing I could do -- Googling. I typed "Nest + camera + hacked" and found out that this happens frequently. Parent after parent relayed stories similar to mine -- threatening to steal a baby is shockingly common -- and some much worse, such as playing pornography over the microphone to a 3-year-old... What is worse is that anyone could have been watching us at any time for as long as we have had the cameras up. This person just happened to use the microphone. Countless voyeurs could have been silently watching (or worse) for months.
However, what makes this issue even more terrifying is a corporate giant's complete and utter lack of response. Nest is owned by Google, and, based on my experience and their public response, Google does not seem to care about this issue. They acknowledge it as a problem, shrug their shoulders and point their fingers at the users. Their party line is to remind people that the hardware was not hacked; it was the user's fault for using a compromised password and not implementing two-step authentication, in which users receive a special code via text to sign on. That night, on my way home from work, I called Nest support and was on hold for an hour and eight minutes. I followed all directions and have subsequently received form emails in broken English. Nobody from Google has acknowledged the incident or responded with any semblance of empathy. In every email, they remind me of two-step authentication.
They act as if I am going to continue to use Nest cameras.
Still helpless, I started doing the only thing I could do -- Googling. I typed "Nest + camera + hacked" and found out that this happens frequently. Parent after parent relayed stories similar to mine -- threatening to steal a baby is shockingly common -- and some much worse, such as playing pornography over the microphone to a 3-year-old... What is worse is that anyone could have been watching us at any time for as long as we have had the cameras up. This person just happened to use the microphone. Countless voyeurs could have been silently watching (or worse) for months.
However, what makes this issue even more terrifying is a corporate giant's complete and utter lack of response. Nest is owned by Google, and, based on my experience and their public response, Google does not seem to care about this issue. They acknowledge it as a problem, shrug their shoulders and point their fingers at the users. Their party line is to remind people that the hardware was not hacked; it was the user's fault for using a compromised password and not implementing two-step authentication, in which users receive a special code via text to sign on. That night, on my way home from work, I called Nest support and was on hold for an hour and eight minutes. I followed all directions and have subsequently received form emails in broken English. Nobody from Google has acknowledged the incident or responded with any semblance of empathy. In every email, they remind me of two-step authentication.
They act as if I am going to continue to use Nest cameras.
Class action lawsuit (Score:3)
Re:Class action lawsuit (Score:5, Insightful)
Why? Because people can't be bothered to use a reasonable password for stuff like a camera that can be accessed by complete strangers and watch their every move?
I have a hard time feeling sorry for these "victims". It's always the complacent "that'll never happen to me!", and when it finally does due to their own negligence, it must be the company who made the product's fault. Google *literally* told them how to fix the problem. Instead, they whine even more and go as far as being rude to the person that took time to help them (that "broken english" email they was yammering about.)
If there was truly a flaw in these that allowed malicious actors to get in, regardless password or two-factor auth. or what-have-you; then I'd say "Wtf Google. Fix your shit." But this is, as far as I can tell, just another case of idiot users being idiots. They probably don't have a backup for all their finances either I'll bet.
I'm sorry but you can't leave your front door wide open then run around complaining that people are robbing your home.
Re: (Score:3)
Are you kidding? the google nest cameras have a ton of security holes. you're speaking like a fishnet can be waterproofed.
Re: (Score:2)
Re: (Score:2)
The guy who wrote the article says he's not going to invoke 2FA, so it's the consumer who doesn't care.
Re: (Score:2)
you're speaking like a fishnet can be waterproofed.
A fishnet must be waterproof.
Re: (Score:2)
Re: (Score:2)
Yes, thank you. We've moved on from the "users are stupid" segment of our programme, and are now discussing the non-user-dependent vulnerabilities that can be compromised in Nest devices through something colloquially known as "hacks".
Please do try to keep up.
Are you deliberately acting this obtuse? (Score:2)
He made an argument!
One you clearly are too fucking stupid to even see without it blatantly blared at your face like in an American movie for an American audience!
So I'm gonna write it out for you:
*The Nest has countless security holes! _A safe password will not change a thing!_*
How do you even tie your shoes in the morning?
Re: (Score:2)
The argument is non-constructive. He just says "it has security holes", but how are we to discuss them if he doesn't tell us what they are?
Re: (Score:3)
Re:Class action lawsuit (Score:5, Insightful)
Nest cameras bug you no end, if you don't set up secure account credentials. They really want to stop you from making mistakes. You have to actively confirm that you do not want to secure your account, and you have to repeat this confirmation on a regular basis. But ultimately, it's the user's decision whether they do or do not set a secure password and whether they enable second-factor authentication.
This is like leaving the door to your house wide open, because you love the fresh breeze. And then complaining that a) the door lock makes this annoying beeping sound every minute because it detects the door is left open, and b) random people keep walking in and out of the house. "Clearly, the lock manufacturer was irresponsible".
Re: (Score:2)
You have to actively confirm that you do not want to secure your account
Why is it an option to not secure your account? It should not be.
This is not a new thing. Linux and OSX, and before them BSD and other Unixes all recognized that as networked multi-user systems, they had to require passwords, especially on root. That was acceptable security practice in those days and it quickly became the standard for running secure systems, despite being inconvenient to users. Windows comes along and doesn't even have passwords, at first, and then passwords are not the default. Passwords s
Re: (Score:2)
Re: (Score:2)
This should be obvious. You make security the default. If people choose to un-secure their camera, they can, but that requires deliberate action and reasonable knowledge of the consequences. I can enable the root account and make the password blank on Linux, but it is not the default. There may be a reason to do that, but there is no reason to make it the default setting.
Re: (Score:2)
Why is it an option to not secure your account? It should not be.
Of course it should.
I don't have a password on my phone. I do have a password on my PCs but they're set to auto-login so I can't even remember it. I don't have a password on my television, my radio, my wifi, my toaster or my cats.
Security is always a compromise between convenience and protection. I choose where to compromise, not you.
Re: (Score:2)
Good for you. As an expert user you probably are aware of the risks and know how to protect yourself. The average user does not know how to create a secure password, create a different password for each account/device, or rotate their password every 6 months. 2FA is enabled by default on many devices because of this. It gives users an easier way to secure their accounts and protect their information. If you don't want it or need it then disable it, but not having it enabled by default is creating a giant ga
Re: (Score:2)
not having it enabled by default
That's where we absolutely can agree. Sufficiently secure by default, consciously choose to open it.
Re: (Score:2)
in those days
In those days? Which days are those? My last Ubuntu install didn't enforce password complexity. My last Windows install on the other hand did (in a basic form) and then proceeded to want to set up MFA, as well as local device based pins as well.
You hold things in high regard looking at the past, but in the present honestly they are no better than the rest.
Passwords still are not the default on Windows today. Why?
Ignorance. Not the user's or Microsoft's but rather yours. Passwords most definitely are the default on Windows.
Re: (Score:2)
I unfortunately can't use 2fa as I do not own a cellphone and in my entire life have never owned one. I have a landline and my ham radio which I can use autopatch on my ham if I need to make a phone call from the car.
Course since I can't use 2fa and don't own cellphone, I don't buy any of that shit.
Re: (Score:3)
I unfortunately can't use 2fa as I do not own a cellphone and in my entire life have never owned one. I have a landline and my ham radio which I can use autopatch on my ham if I need to make a phone call from the car.
Course since I can't use 2fa and don't own cellphone, I don't buy any of that shit.
You're not in the demographic and therefore have no skin in the game. You don't understand how these products work and I don't know why you even bothered to comment except maybe you're trying to brag.
It isn't working.
Re: (Score:2)
Maybe you should look up what's involved in being a HAM operator before saying stuff like that. Odds are he's the most technically inclined person in the conversation right now.
Re: (Score:2)
You don't need a cellphone to do 2FA. See YubiKey, Titan Key, et alia.
Re: (Score:2)
That's the thing, Google has a huge amount of experience with this. Most of their customers are individuals and they put a huge amount of effort in to getting them to secure their accounts. If you don't have 2FA enabled it constantly nags you about it, and even if you do you get periodic "check your settings" messages that prompt you to run their privacy checkup wizard.
It's inexcusable to not mandate 2FA on a product like this.
Re: (Score:2)
What other products does Google sell to individuals? They have the "smart" speakers, but other than that, I can't think of any other products that they sell to individuals.
Re: (Score:2)
The Play Store sells apps, music, games, movies, TV shows, books etc. They make phones, tablets and laptops. YouTube has a subscription service.
That's on top of their paid accounts with extra storage. Oh and they sell security keys now.
But in fact even the non-paying users are customers, because if they don't bring their custom they don't make money from ads. They may not pay with money but they still pay.
Re: (Score:2)
Re: (Score:2)
I didn't know that. Do they also ignore their customers and/or sell shitty/dangerous products in the "Play Store"? I don't know anything about it. It seems to me with this whole Nest thing that they literally don't care. If they did, they'd just change the product to not allow simple passwords, or require 2FA or something like that.
That makes sense, but it adds complexity to the consumer-class product. "It's way too hard to understand and it takes a long time to do the install so I'm going to buy brand X because it doesn't have all the hassle."
Re: Class action lawsuit (Score:2)
'Do they also ignore their customers and/or sell shitty/dangerous products in the "Play Store"?'
The overwhelming majority of apps distributed in the Play Store are spyware. Most people consider spyware to me a form of malware, and therefore shitty and/or dangerous.
Re: (Score:2)
Smartphones - nexus, pixel, etc
Re: (Score:3)
It's inexcusable to not mandate 2FA on a product like this.
Right - the fix is obvious. Require it to activate. Do not let it run in insecure mode at all. Make that the standard.
Re: (Score:2)
I would be surprised if this doesn't become a class action lawsuit, because it obviously happens to a lot of people.
This will only work if the class action can prove that the buyer had no part in establishing best practices.
Re: (Score:2)
Re: (Score:2)
The problem is that EVERYONE designs these things poorly. It's not users leaving front doors wide open, it's doors that are designed to be wide open.
The cameras and microphones etc. are designed to connect to the internet, a bad idea. Once they design that, they you have to trust the router, the ISP, and of course any wifi you have.
Yes this can be less user friendly, but if done correctly, these devices should by default be far safer. You can always enable an option to let said devices operate over the
Re: (Score:2)
These devices are actually secure in the default configuration. You have to go through extra steps to avoid setting up second factor authentication. And Google will bug you very regularly to please reconsider.
I hear you about not being connected to the internet. That probably makes sense for a lot of devices that have internet access these days. I really don't understand why my window blinds or my house lights need to have internet access. But one of the main features of Nest cameras is in fact the ability
Re: (Score:2)
The cameras didn't get hacked. Their security is fine. They probably just connect via VPN to the server, that's the secure way to handle things like this.
The problem here is that they didn't mandate 2FA on a critical account like a security camera. People's email addresses and passwords were leaked from some other website and because they used the same one for Nest people just go through the list looking for active accounts.
This happens all the time and not just to Nest, but usually someone getting in to yo
Re: (Score:2)
The problem is that EVERYONE designs these things poorly. It's not users leaving front doors wide open, it's doors that are designed to be wide open.
The cameras and microphones etc. are designed to connect to the internet, a bad idea. Once they design that, they you have to trust the router, the ISP, and of course any wifi you have.
Yes this can be less user friendly, but if done correctly, these devices should by default be far safer. You can always enable an option to let said devices operate over the internet if some idiot actually wants to do that. But with a device designed to work on a local network, then even using the internet would be safer (as you can require first time logins to be done on the local network.)
Back when Moby Dick was a minnow, a salesperson was trying to sell me a firewall that had EVERYTHING disabled. Everything. He told me it was ultra-safe and that I'd have to whitelist stuff the firm needed.
You shitting me?
Re: (Score:2)
I have a hard time feeling sorry for these "victims".
You're making the rash assumption that these devices are secure if used with a secure password.
You are grossly mistaken.
Re: (Score:2)
I'm sorry but you can't leave your front door wide open then run around complaining that people are robbing your home.
Actually, you can. Leaving your door open does not make it legal or ethical for someone to rob your house, and if they rob it you have every right to be appalled.
Whether or not the author of the article blames Google, one of the main points here is that this stuff can happen and it's not perfectly obvious (technically and/or statistically) to Joe and Jane Consumer how readily it can happen. A large part of the message here is that this CAN happen.
It's nice for you if you already knew that. It would help
Re: (Score:2)
and if they rob it you have every right to be appalled.
In my state you're allowed to shoot them. Even if the door was open.
People definitely leave doors open in the summer. It is a thing. Windows too.
Re: (Score:2)
"Leave your front door open, and someone walking in isn't legal, but there too it is 100% expected."
That is actually false. If you leave your front door open *as in unlocked* then it is NOT unlawful to enter the premises. That is why "Breaking and Entering" is called "Breaking and Entering". There is a requirement for the "breaking" and the "entering". If there is no "breaking" there cannot be "Breaking and Entering".
Now then, I suppose that you could leave the door open and put up a "Do Not Enter" sign
Re:Class action lawsuit (Score:4, Interesting)
The hack on nest last year didn't even need a password. It used a fucking old version of snmp which you overflow and get dropped to a shell.
Re: (Score:2)
I agree with you.
If Nest were to stop the install process until the consumer 1.) entered a strong password and 2.) filled out the necessary information for 2FA, the buyers would bitch and buy a camera that self-installs like Nest does.
Re: (Score:2)
>Why? Because people can't be bothered to use a reasonable password for stuff like a camera that can be accessed by complete strangers and watch their every move?
The Nest app harasses me to turn on 2FA every time I use it. I'm unconcerned about someone changing the thermostat setting or looking at the steps to the front door.
If the cameras were inside the house, I would not be using a cloudy convenience service at all.
And Google is correct (Score:5, Insightful)
Only an idiot would wire their house with surveillance devices that connect to the internet in the first place.
And anybody who uses weak passwords on them is asking for strangers to hack their surveillance system and watch them pee.
Zero sympathy for anybody who buys such devices, and less than zero for anybody who invites random people on the internet to hack them. This stuff is working exactly as it was designed to.
What they hell did you expect?
Re: (Score:3)
Re: (Score:3)
Re: (Score:3)
I suppose there's always
Re: (Score:2)
Re: (Score:2)
People I know that had a nanny when they were a child: 0
People I know that employ a nanny for their children: 0
People I know that employed a nanny for their children: 0
People I know using cameras as part of their childcare: All of them.
Something tells me that you haven't got a fucking clue.
Re: (Score:2)
Re: (Score:2)
Synology's NAS devices make it pretty easy (though not cheap) to "make your own cloud". You can use their servers to make it even simpler, if you like, but anyone with even a modicum of tech savviness can figure out how to VPN into their devices. Open a port on your firewall and be done. It's not perfectly safe, but it's a hell of a lot better than relying on a Google account. Best of all, you control the device and the connection, and you can turn it off whenever you like without losing the LAN functionality.
Appreciate that your post is meant to solve the author's problem. If he's unwilling to establish 2FA, he's for sure not gonna do all that shit, right?
Re: (Score:2)
"Secondly, the article implies the guy has a nanny, so it doesn't seem unreasonable to assume that both he and his wife work and remote access via the Internet will be (and will remain) a desirable feature."
But the device was accessed from the Internet as intended. What is the problem?
Re: (Score:2)
If he replaces it with a local-only camera that records to SD card, he'll likely be fine. He'll still be able to view it on a device on his LOCAL WiFi network.
Maybe, but one thing that's clear is that he won't understand a goddam word you are saying.
Re: (Score:2)
Exactly. Perhaps the article was accidentally posted here rather than The Onion?
Problem isn't the devices (Score:2)
Unfortunately, people have decided that a VPN server is too hard to set up and run. So opt instead
Re: (Score:2)
It is totally unreasonable to expect the average user to understand the problem. Seriously, that's stupid on your part. Do you understand the chemical composition needed to make concrete stable? But you depend on it every day.
Nearly(?) all of the IoT manufacturers and vendors should be sued into oblivion for intentionally making and selling devices designed to be insecure and to endanger the purchaser. Yes, if you're technically knowledgeable you can work around them, but that's not the correct level of
Re: (Score:2)
Nearly(?) all of the IoT manufacturers and vendors should be sued into oblivion for intentionally making and selling devices designed to be insecure and to endanger the purchaser.
No. The market wouldn't exist if it had to use military level security mechanisms.
I do blame the people buying shit without understanding the risks and seeking mitigations. It's their own fucking fault.
If you want to change these things, try focussing on education.
Re: (Score:2)
Why would you think that? I have a friend who is certainly not an idiot. And he has these stupid "cloud connected camera's". Outside the house. And the Risk Assessment basis? Assuming that the camera's are totally insecure and can be accessed by anyone on the Internet, they cannot see anything that they would not be able to see were they to stand at an appropriate vantage point on the public street. And there is no way to prevent that. Therefore adding the cloudy camera's adds absolutely zero risk th
sheeple (Score:3)
and secondly, if you don't think google is listening/ watching with either sub minimum wage off shore slaves or with "AI" in a goal to monetize your private life - you're a chump.
Re: (Score:2)
Seriously, though - lots of landlords have started forcing things like camera entry systems and front + apartment door locks on people with no guarantees that the services they run will be secured in even the most basic ways.
Re: (Score:2)
All they have to do is open the local weekly newspaper, find the advertisement for the local Rent a Nerd, and have them set up private "cloud" services on a computer that is always connected.
If you know the basics of what you want, it is no different than calling a plumber to install something. And if you don't know what you want... how do you know you want it?
It is actually pretty easy to just buy a security DVR system and run a client over a VPN, it might only cost $35 for a nerd to do the setup.
Regulation? (Score:3)
Obviously an average citizen is not capable to comprehend or does not have enough time to get familiar with this kind of technology, they believe the salesman that it's cool and fashionable, yet it's an Orwellian world not forced upon us, but embraced and payed by us - maybe a role for a government to regulate responsibilities and security standards of such devices.
Also it's time to treat such hacks as they truly are, a criminal act of burglary or even a home invasion and not just a trick.
BTW, maybe a little far-fetched in this context, but I consider the "Cube" one of the most clever and foreseeing movies I've seen.
Re: (Score:2)
maybe a role for a government to regulate responsibilities and security standards of such devices.
Dollars to doughnuts this guy's password was compromised through his own actions, and now he's blaming Google for it.
We don't know that to be true for a fact, but it is the most plausible explanation for this situation.
Even the attacker told him how to solve the problem, change his password. Although if he's doing it from a compromised PC, they'll just get his new password.
I remember when I got an IRIX 5.3 box (Indigo R3000) and connected it to the 9 net. Demon and I were both working at Tivoli at the time
Re: (Score:2)
maybe a role for a government to regulate responsibilities and security standards of such devices.
Dollars to doughnuts this guy's password was compromised through his own actions, and now he's blaming Google for it.
Good point, however from my experience I can say that such devices stop getting upgrades after a few years, when any complicated password is not much of a protection, additionally it is still an invasion, regardless of how easy it is. I heard in Canada people mostly don't lock their doors, but it does not mean that it's OK to enter not being invited.
Re: (Score:2)
Obviously an average citizen is not capable to comprehend or does not have enough time to get familiar with this kind of technology, they believe the salesman that it's cool and fashionable, yet it's an Orwellian world not forced upon us, but embraced and payed by us - maybe a role for a government to regulate responsibilities and security standards of such devices.
Also it's time to treat such hacks as they truly are, a criminal act of burglary or even a home invasion and not just a trick.
BTW, maybe a little far-fetched in this context, but I consider the "Cube" one of the most clever and foreseeing movies I've seen.
So no room for considering that the fucking consumer didn't follow directions?
Maroons ... (Score:2)
If you buy something to put in your house that is designed to be "Remotely Accessed from the Internet", then what it the surprise when it is remotely accessed from the Internet? Seems to be working as designed to me.
Buy Stupid products (Score:2)
What a Nesty hack! (Score:2)
Thank you, thank you. Try the veal. It's from boy cows murdered by the big milk. Yummy.
Thanks. I get my veal from the local lion. (Score:2)
You asshat would probably call the very first organism that ate another organism, before photosynthesis was even a thing, a murderer. Or is it just those with the cutesy features?
The meme is true (Score:5, Informative)
I work in IT, which is the reason our house has:
- mechanical locks
- mechanical windows
- routers using OpenWRT
- no smart home crap
- no Alexa/Google/Assistant/..
- no internet connected thermostats
Re: (Score:2)
Yeah, and I won't do on-line banking. But *TRY* to explain this to some non-technical user, no matter how intelligent. A couple of people took my decisions on faith, but they didn't take it because the understood the problem.
You will love Germany then. (Score:2)
Cash still is, and always will be king here.
Many shops don't even accept any cards at all. And proudly so.
Re: (Score:2)
Yeah, and I won't do on-line banking.
The only time online banking could be any worse than your existing banking activities is if you're doing it via an already compromised system, in which case you're already fucked.
Even then online banking doesn't add any new risk vectors for me; my bank has adequate security measures in place.
Remember, banks have nothing to do with money. They're just big fat data processors, and every system interaction puts your account at risk - whether you initiate that interaction or not.
Re: (Score:2)
Yes, banks are also a danger, in and of themselves. But there's federal insurance and a few other backstops. It's not great, but it's there. (I also try to spread my accounts to different banks.)
OnLine banking, though, involves transmitting financially identifying information over the internet. You're depending not only on your own system being secure, but also your ISP, and the code that the browser is running, and... well, an unknowable number of extra factors. Each one is relatively low risk, but...
Re: (Score:2)
Yeah, and I won't do on-line banking. But *TRY* to explain this to some non-technical user, no matter how intelligent.
Try to explain it to me. I'm highly technical, computer and cryptographic security is my day job and has been for decades. I think I'm also reasonably intelligent And I think you're wrong, and there's nothing wrong with using online banking.
I would recommend avoiding banks that don't offer 2FA, and strongly recommend banks that support non-SMS 2FA. I would also recommend using passwords which are unique and strong enough that you can't easily remember them. Put them in a password manager. Also rememb
Re: (Score:2)
No on-line banking.
No wifi.
Re: (Score:2)
- No Facebook or other social media (other than /.)
Re: (Score:2)
No Facebook or other social media (other than /.)
Given that we're all massive dickheads to each other here slashdot is more antisocial than social.
Re: (Score:2)
I work in IT, which is the reason our house has:
- mechanical locks - mechanical windows - routers using OpenWRT - no smart home crap - no Alexa/Google/Assistant/.. - no internet connected thermostats
I not only "work in IT", I'm a computer security engineer with 30 years of experience, who has worked for and consulted with banks[*], military organizations and other security sensitive organizations. And my house has:
- Smart locks
- A Google OnHub router
- Lots of smart stuff, some I built myself (Arduino and RPi-based), most commercial
- Google Homes (many of them)
- Two Internet-connected thermostats
- oh, and Nest cameras.
Security is my full-time job and has been for a long time, and what I've learn
Re: (Score:2)
I'm intelligent which is why I manage passwords properly and use 2FA.
No need to go back to the stone ages just because you work in IT and can't figure out how to secure technology.
Playing porography "worse" than baby stealing. (Score:2)
If there ever was a textbook example of religious fundamentalist delusions and brainwashing ...
Holy hell, imagine such a person ... who actually believes not only that that would do anything at all to a three year old ... but also that they'd rather have their baby stolen!
And it's not some middle-eastern desert backwater literal cave people... It's people who believe they are the first world!
Wha? (Score:2)
How is it Google's fault that you're an Internet idiot? Is it Toyota's fault if run out of gas? Is it the grocery store's fault if you drop the eggs?
Grow a pair, admit you fucked up, assume some personal responsibility, and maybe, just maybe, learn a lesson.
Evidence? Why so lazy? (Score:2)
The author of the claim appears credible, but surely there are audio recordings and/or video of this activity happening, beyond a claim that a Google search had hits with certain keywords? Not to mention what the search results meant in context. If it's real, then he's just being really really lazy at substantiating his claim, which isn't worth reporting. If it's fake, or something else, then it's a form of malpractice and abuse. I'm leaning more towards lazy, but this is also feeding into an anti-Google bi
PEBKAC (Score:2)
Re:Refuses to use the solution? (Score:4, Interesting)
Re: (Score:2)
If two factor is only available by cell phone stuff, then I don't do it, either. I don't want any of these mega corps getting my cell phone number. That's fucking insane. I do two factor with a USB key where I can.
I guess I'll be "that prick," but you're missing out on a lot of fun shit for no good reason.
They have your phone number. I know you are aware that every goddam corporation worth a shit has been breached.
Re: (Score:2)
Re: (Score:3)
Just use the authenticator app...not that getting your cell number matters...and can be done without asking you for it.
Ironically, Google Authenicator (or Authy, or other OTPs) aren't supported by Nest.
Re:Refuses to use the solution? (Score:4, Insightful)
Why is he refusing to use the solution here?
Wrong solution:
We unplug the cameras and change all passwords...
Right solution:
We unplug the cameras and throw them in the trash
Re: (Score:2)
Re: (Score:2)
Why is he refusing to use the solution here?
Wrong solution:
We unplug the cameras and change all passwords...
Right solution:
We unplug the cameras and throw them in the trash
Wrong.
Right solution:
Follow the goddam manufacturer's recommended settings including a strong password and 2FA.
Re: (Score:2)
Because users are too stupid to use devices securely? I mean your anti-Google rant is fun and all, but you're right there with the TFA writer in blaming someone about something that had no impact on you what so ever.
*golfclap*.
Two-STEP! There is no two-factor! (Score:2)
Unless it's some high security / military technology, or a true geek created it, it is most definitely *not* two *factors*.
No, your phone is *not* "something you have". If you even know what I'm talking about. It is just as easily hacked with the same methods as your other computer. E.g. since both are protected by a insecure password, or worse.
Re: Two-STEP! There is no two-factor! (Score:2)
Shhhhhhh! The children are sleeping - don't wake them.
Re: (Score:2)
The full functionality of the device requires it to be on the internet. Therefore the whole point of buying such a device is to connect it to the internet. Because most of us have crappy internet connections, we need some kind of helper to get access to our own network from outside, and most people aren't clever enough to set up their own even if they wanted to. They'd just be creating a single point of failure that they'd have to maintain.
Re: (Score:2)
My question is why does it need to connect to the Internet? Security cameras have worked for decades before the Internet. Why does everything need to be on it now?
So you can access it remotely. So it can send you alerts when it detects suspicious behavior. So you can store the video on the cloud where it's backed up even if your house burns down or the camera system is stolen. And that's just off the top of my head. Why do people turn off their imaginations when they come to slashdot?
Re: (Score:2)
attached to the Internet?
They're exhibitionists?
Note: Two-step. Not two-factor. (Score:2)
Because it never is.
Just twice the same factor with the same crackability.
No it doesn't. (Score:2)
Because it has no two-factor auth.
It has two-*step* auth. With twice the same factor with the same crackability.
A different factor means an entirely different kind. Not the same kind on a different device.
So I suggest not throwing stones from inside your glass house.