Attackers accessed Nest cameras and used its speakers to tell victims to subscribe to Youtube channels

Posted 24 January 2019 17:52 CET by Jan Willem Aldershoff

The last couple of days, an attacker has succeeded to login to dozens of Nest cameras because its owners reused their password. Once logged in, the attacker used the speakers of the camera to demand from victims to subscribe to Youtuber PewDiePie. The attacker also asked to prove the subscribe by performing it while he watched on the cam.

Against Vice Magazine, the attacker stated he uses usernames and passwords that have been compromised in various data leaks. With this leaked login data the attacker then attempts to login to Nest accounts. This is sometimes possible, because some Nest owners use the same leaked login data for their Nest account, and possibly many other accounts.  Once logged in, the Nest accounts provide live access to the Nest camera of the victim.

The attacker claims that with this method he obtained login data for 4,000 Nest accounts.

Nest users are advised to reset their password to a unique one, and to use two-factor authentication.

Related content

Comments on this story

We don't show comment's on news stories, instead you are very welcome to join the discussion on this topic on our forum.

Discuss this story here