Security Hack: Family says Nest camera taken over by hacker
Home security systems are meant to protect and make families feel safe, but an Action News Investigation finds hackers are infiltrating them.
Trisha Lockwood tells Action News, on Super Bowl Sunday, an unknown man started talking to her 5-year-old son Shane through the Nest security camera in his bedroom.
"He says 'Mommy, there is a man's voice in my room,'" said Lockwood.
Lockwood said her son heard "creepy sounds" and the words "Shane, buddy."
Shane went running to his mother.
"We were scared. We shut our bedroom door and said to him stay in here because at that point we thought they could see us," Lockwood said.
She then pulled the camera out of the wall.
RELATED: Man says thermostat was 'hacked', urges app users to check passwords
Lockwood is not alone. Phoenix homeowner Andy Gregg had his Nest system hacked last year.
He took video of his conversation with the voice coming from the camera. That voice belonged to hacker Hank Fordham of Anonymous Calgary.
"We are 'White Hats.' We don't have any malicious intent," Fordham's voice said.
"Are you able to see where I live and everything?" Gregg replied.
"Yeah, I don't see where you live now, but if someone was really that dedicated, I mean, yeah, they could," Fordham said through the security camera.
Fordham said he hacks into home security systems to alert owners of vulnerabilities. He calls himself a 'White Hat,' meaning a hacker with good intentions.
"Andy Gregg's information was compromised and leaked online as a bulk list of a database leak, and that's what generally happens," he added.
Fordham said that information in Gregg's case was a username and password.
And it was one Gregg had used for multiple accounts.
Fordham said hackers can test the usernames and passwords with software.
"They'll use web automation tools to use that information against a whole plethora of websites: Facebook, Netflix, you name it," he said.
Fordham says he has broken into a half dozen security systems simply to warn consumers to activate their system's two-step verification. It's an extra layer of security that helps prevent hacking.
The 23-year-old "White Hat" believes Nest should force customers to use it and require password resets every few months, or the growing hacking underworld will take advantage.
"People trade these publicly on forums; some forums even pride themselves and their users on trading these combos back and forth between each other," he added.
Google, which owns Nest, tells Action News that it cannot comment on any particular case, but said "Nest was not breached...These recent reports are based on customers using compromised passwords (exposed through breaches on other websites). In nearly all cases, two-factor verification eliminates this type of security risk."
Google said it's also considering new security measure to prevent this sort of hacking.
Lockwood says her husband works in the information technology world, so she warns if it could happen to her family, it could happen to anybody.
So how can you find out if your usernames and passwords have been compromised? Here's a video to walk you through the steps to find out, as well as tips to prevent your accounts from being hacked:
