Couples Nest Security Hacked
-
@DustinB3403 said in Couples Nest Security Hacked:
@Dashrender said in Couples Nest Security Hacked:
@DustinB3403 said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@Dashrender said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@DustinB3403 said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@DustinB3403 said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@Dashrender said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@Dashrender said in Couples Nest Security Hacked:
The homeowner could have also had UPNP enabled in their firewall allowing the hackers to gain direct access
So you're saying that potentially their router had UPnP enabled and from there opened the port to the camera\security system?
(sorry for the noob-ish question, Never heard of that until google told me what it was.)
Yep tons of shitty consumer stuff does that
but for why?
Because they are there to sell shitty consumer cameras "accessible from anywhere in the world".
Via an RTSP feed directly from the device. . .
which also means that anyone with half a brain in cyber security can get into your cameras just as well. ...
Don't even need that much. The feed is literally just sitting out on the open internet waiting for anyone to go to a self hosted webpage to view.
/sigh
that's ridiculous.Not really what is ridiculous is that there is no authentication mechanism in place. That is the fault of the maker
Okay, fair enough.
So when I think of accessing cameras anywhere i start thinking of "Ring" doorbells, Similar situation here?Ring and Nest generally have authentication.
This person was just a jackass and ignored all of it.
Lol, Nest was one of the big companies that had huge security feelings a few years ago. I don’t care that
googleAlphabet owns them I will never trust them.I've FTFY.
Fixed what?
Wtf is Alphabet -
@WrCombs the new parent company of Google.
-
@DustinB3403 said in Couples Nest Security Hacked:
@WrCombs the new parent company of Google.
Google got bought out then?
-
@WrCombs said in Couples Nest Security Hacked:
@DustinB3403 said in Couples Nest Security Hacked:
@WrCombs the new parent company of Google.
Google got bought out then?
No.
They formed a new umbrella and everything "google" is now under that umbrella company Alphabet.
-
@DustinB3403 said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@DustinB3403 said in Couples Nest Security Hacked:
@WrCombs the new parent company of Google.
Google got bought out then?
No.
They formed a new umbrella and everything "google" is now under that umbrella company Alphabet.
i just skimmed this :
https://en.wikipedia.org/wiki/List_of_mergers_and_acquisitions_by_Alphabet
-
@DustinB3403 said in Couples Nest Security Hacked:
@WrCombs the new parent company of Google.
"New", it's been a while.
-
@scottalanmiller said in Couples Nest Security Hacked:
@DustinB3403 said in Couples Nest Security Hacked:
@WrCombs the new parent company of Google.
"New", it's been a while.
how long is a " While"
-
@WrCombs said in Couples Nest Security Hacked:
@scottalanmiller said in Couples Nest Security Hacked:
@DustinB3403 said in Couples Nest Security Hacked:
@WrCombs the new parent company of Google.
"New", it's been a while.
how long is a " While"
- An eternity in IT terms.
-
@scottalanmiller said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@scottalanmiller said in Couples Nest Security Hacked:
@DustinB3403 said in Couples Nest Security Hacked:
@WrCombs the new parent company of Google.
"New", it's been a while.
how long is a " While"
- An eternity in IT terms.
3 years is a pretty long time, id say.
Was curious cause i've seen people say a while and only mean a few days/months tops. -
@WrCombs said in Couples Nest Security Hacked:
@DustinB3403 said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@Dashrender said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@Dashrender said in Couples Nest Security Hacked:
The homeowner could have also had UPNP enabled in their firewall allowing the hackers to gain direct access
So you're saying that potentially their router had UPnP enabled and from there opened the port to the camera\security system?
(sorry for the noob-ish question, Never heard of that until google told me what it was.)
Yep tons of shitty consumer stuff does that
but for why?
Because they are there to sell shitty consumer cameras "accessible from anywhere in the world".
Via an RTSP feed directly from the device. . .
which also means that anyone with half a brain incyber security can get into your cameras just as well. ...
Edit
that's the most idiotic thing I've ever heard. -
@JaredBusch said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@DustinB3403 said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@Dashrender said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@Dashrender said in Couples Nest Security Hacked:
The homeowner could have also had UPNP enabled in their firewall allowing the hackers to gain direct access
So you're saying that potentially their router had UPnP enabled and from there opened the port to the camera\security system?
(sorry for the noob-ish question, Never heard of that until google told me what it was.)
Yep tons of shitty consumer stuff does that
but for why?
Because they are there to sell shitty consumer cameras "accessible from anywhere in the world".
Via an RTSP feed directly from the device. . .
which also means that anyone with half a brain incyber security can get into your cameras just as well. ...
Edit
that's the most idiotic thing I've ever heard.They created a website to look for these items?
-
@Dashrender said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@DustinB3403 said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@DustinB3403 said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@Dashrender said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@Dashrender said in Couples Nest Security Hacked:
The homeowner could have also had UPNP enabled in their firewall allowing the hackers to gain direct access
So you're saying that potentially their router had UPnP enabled and from there opened the port to the camera\security system?
(sorry for the noob-ish question, Never heard of that until google told me what it was.)
Yep tons of shitty consumer stuff does that
but for why?
Because they are there to sell shitty consumer cameras "accessible from anywhere in the world".
Via an RTSP feed directly from the device. . .
which also means that anyone with half a brain in cyber security can get into your cameras just as well. ...
Don't even need that much. The feed is literally just sitting out on the open internet waiting for anyone to go to a self hosted webpage to view.
/sigh
that's ridiculous.Not really what is ridiculous is that there is no authentication mechanism in place. That is the fault of the maker
But there is, even two factor!
-
@DustinB3403 said in Couples Nest Security Hacked:
Technically speaking the person who "hacked" into this system can still be brought up on charges of "hacking". Regardless of the insecure passwords and failure to use 2FA.
Correct. It is still illegal, no matter how easy it is.
-
@WrCombs said in Couples Nest Security Hacked:
@DustinB3403 said in Couples Nest Security Hacked:
Technically speaking the person who "hacked" into this system can still be brought up on charges of "hacking". Regardless of the insecure passwords and failure to use 2FA.
Im not very hype on the laws of hacking. But that doesnt surprise, at the very least they were maliciously taking over someone elses property. That's technically theft (?)
No, it wasn't stolen. That's different. This was hacking.
-
@Dashrender said in Couples Nest Security Hacked:
The homeowner could have also had UPNP enabled in their firewall allowing the hackers to gain direct access
That's a bizarre and unrelated assumption. What makes you believe this or mention it?
-
@DustinB3403 said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@DustinB3403 said in Couples Nest Security Hacked:
Technically speaking the person who "hacked" into this system can still be brought up on charges of "hacking". Regardless of the insecure passwords and failure to use 2FA.
Im not very hype on the laws of hacking. But that doesnt surprise, at the very least they were maliciously taking over someone elses property. That's technically theft (?)
No it's illegal hacking. Plain and simple.
"You aren't allow in here, because you broke in".
The same thing applies in this example.
"I leave my house unlocked and the doors open while I'm gone for the day, someone comes in and steals all of my stuff".
Am I at fault? Sure somewhat for not using deterrents to prevent theft (locking my doors), but it's still illegal to enter someones property without consent and steal their stuff.
Hacking is more similar to breaking and entering, than to theft. Both are illegal, but a different sort of thing.
-
@Dashrender said in Couples Nest Security Hacked:
@coliver said in Couples Nest Security Hacked:
@Dashrender said in Couples Nest Security Hacked:
The homeowner could have also had UPNP enabled in their firewall allowing the hackers to gain direct access
Is that possible with Nest?
With nest I don’t know with others absolutely
Sure, but this is a Nest thread. Very unlikely it would use UPnP or be exposed in that way. Doesn't make sense to just inject that unless you know that that is a vulnerability with the specific product at hand.
-
@scottalanmiller said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@DustinB3403 said in Couples Nest Security Hacked:
Technically speaking the person who "hacked" into this system can still be brought up on charges of "hacking". Regardless of the insecure passwords and failure to use 2FA.
Im not very hype on the laws of hacking. But that doesnt surprise, at the very least they were maliciously taking over someone elses property. That's technically theft (?)
No, it wasn't stolen. That's different. This was hacking.
I understand that, I got the two confused.
It's more like a hijacking / breaking and entering for sure. -
@scottalanmiller said in Couples Nest Security Hacked:
@Dashrender said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@DustinB3403 said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@DustinB3403 said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@Dashrender said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@Dashrender said in Couples Nest Security Hacked:
The homeowner could have also had UPNP enabled in their firewall allowing the hackers to gain direct access
So you're saying that potentially their router had UPnP enabled and from there opened the port to the camera\security system?
(sorry for the noob-ish question, Never heard of that until google told me what it was.)
Yep tons of shitty consumer stuff does that
but for why?
Because they are there to sell shitty consumer cameras "accessible from anywhere in the world".
Via an RTSP feed directly from the device. . .
which also means that anyone with half a brain in cyber security can get into your cameras just as well. ...
Don't even need that much. The feed is literally just sitting out on the open internet waiting for anyone to go to a self hosted webpage to view.
/sigh
that's ridiculous.Not really what is ridiculous is that there is no authentication mechanism in place. That is the fault of the maker
But there is, even two factor!
I think this was in regards to UPnP
Not Nest directly. -
The implication in the thread title that Nest messed up is the problem.