“5 Minutes of Sheer Terror”: Hackers Send Family Incoming Nuclear Missile Alert
It was just another Sunday afternoon and nothing foretold any troubles for the family of Laura Lyons until suddenly, something akin to a war broke out in the Orinda, California home.
Laura Lyons was preparing food in her kitchen Sunday when the lazy afternoon took a turn for the absurd. A loud screeching noise – similar to the beginning of an emergency broadcast alert siren – began blaring throughout the living room, warning the family that three North Korean intercontinental ballistic missiles were headed toward Los Angeles, Chicago and Ohio…
“It warned that the United States had retaliated against Pyongyang and that people in the affected areas had three hours to evacuate,” Lyons said Monday. “It sounded completely legit, and it was loud and got our attention right off the bat… It was five minutes of sheer terror and another 30 minutes trying to figure out what was going on.”
The mom and her husband were frozen in shock, as their 8-year-old son crawled underneath the rug.
“Mommy, is there a missile coming?” their young son asked when the frightening message repeated a second time.
As she tried to calm her son, Lyons’ mind raced.
“My first thought was which car are we going to get into now because the Bay Area would be such an obvious target,” Lyons said. “I was thinking we can stop at our friends in Napa. I was disappointed I didn’t have much cash on me. I was going right down the rabbit hole.”
The couple was rather confused, though, because the television continued airing the NFC Championship football game they were watching.
Eventually, after several panicked minutes of raced thoughts, the couple realized the apocalyptic warning was coming from their Nest security cam atop their living room television.
The scared woman started to call 911 and the customer service hotline for Nest, a subsidiary of Google, only to learn that they likely were the victims of a “third party hack” that gained access to their camera and its speakers. This was when the panic turned to anger as they found out that Nest knew that there had been a number of such incidents but failed to alert customers.
A Google spokesperson said Nest was not breached in this incident leaving Lyons upset that her privacy was so easily breached, allowing for the traumatic episode to occur.
“They have a responsibility to let customers know if that is happening,” she commented. “I want to let other people know this can happen to them.”
Hours after their noon nightmare, Lyons shared her experience on a local family Facebook group.
“My son heard it and crawled under our living room rug,” Lyons wrote in one post describing Sunday’s incident. “I am so sad and ANGRY, but also insanely grateful that it was a hoax!!”
After what happened, Lyons said her husband killed the speaker and microphone capabilities on the cameras, changed the passwords and added 2-factor authentication.
The family turned out to be not the only victims.
Other Nest users shared their recent experiences, including one man who said he got hacked last week after he heard dogs barking and the sound of laughter in his garage and learned it came from his Nest camera.
“These recent reports are based on customers using compromised passwords (exposed through breaches on other websites). In nearly all cases, two-factor verification eliminates this type of the security risk,” the company said in an email statement. “We take security in the home extremely seriously, and we’re actively introducing features that will reject comprised passwords, allow customers to monitor access to their accounts and track external entities that abuse credentials.”
Reports from across the country indicate a growing problem of hackers accessing the wi-fi-enabled cameras from Nest and other similar companies.
In December, a Houston couple rushed to their infant’s room when a hacker began screaming over the family’s Nest camera baby monitor that he was going to kidnap their child.
The same month, a benevolent Canadian hacker began speaking to a Nest camera user in Arizona, warning him that his system was ripe for hacking and how to protect it.
Privacy watchdog group the Electronic Frontier Foundation has warned about the “intimate placement in our lives” of these smart home hubs and how they collect a wealth of data on an ongoing basis, noting:
“Smart home hubs, including those from Google and Amazon, reserve the right to share data collected from their products for advertising, as well as with companies who make the apps or skills you install on those devices. In Google’s case, it will use data from Home to ‘show you ads that are relevant and useful.”
Adwait Nadkarni, an assistant professor of computer science at the College of William & Mary, was a lead investigator in a December study on the vulnerability of Nest and similar technology.
“Our recent study of the Nest platform shows that it is reasonably secure, in comparison with other similar platforms,” Nadkarni said. “In such cases, the problem most often lies in how the devices are configured and used in the smart home, especially in terms of setting the account password.”
Nadkarni said there have been other hack attacks, but he had not heard of a nuclear hoax.
Nadkarni said the recycling of passwords for multiple online services is even more troubling now with the prevalence of in-home, wi-fi-enabled devices that provide a hacker access inside someone’s property.
“If even one of the services is compromised, the attacker can use the password to gain access to everything else,” Nadkarni said. “I would definitely recommend using a password manager to use different passwords for all services and enabling 2-factor authentication.”
Just last week, a massive list of 773 million emails and more than 21 million passwords were exposed publicly. Individuals can find out if they’ve been exposed to such breaches online at sites such as https://haveibeenpwned.com/.