Alarmed, the Rigneys turned on their lights. Unprompted, a Nest camera in their room activated and the same man’s voice told them to turn the lights back off.
“I’m going to kidnap your baby,” the voice said next, Ellen Rigney recalled to the news station. “I’m in your baby’s room.”
Nathan Rigney bolted upstairs to his son’s crib. But the 4-month-old was fast asleep, oblivious to the unsettling incident that had just transpired and spooked his parents. There was no one else in his room.
That’s when the Rigneys realized they had been hacked — and set about shutting down their cameras and WiFi, as well as calling the police.
Ellen Rigney shared the experience on her Facebook page and later called the experience unnerving.
“I didn’t know what to think. It’s a voice that I’ll never forget,” she told KRPC News. “You have something that’s supposed to make you feel better and instead it makes you feel the opposite. It makes you feel invaded and uncomfortable.”
Unlike the range-limited, walkie-talkie-esque baby monitors of yore, WiFi-enabled baby monitors allow parents to keep tabs on a child from anywhere they have, well, a WiFi connection, not just from down the hall. But the Rigneys aren’t the only ones who have found that these snazzier baby monitors and camera systems are vulnerable to being hacked.
Earlier this month, a man who identified himself as a “security researcher” from Canada hacked into a Nest security camera in Phoenix, according to the Arizona Republic. The Canadian hacker apologized for the intrusion, but told the homeowner — through the hacked camera system — that he was just trying to warn him of a security loophole before hackers with more malicious intent took advantage of the situation.
Of course, the problem isn’t limited to baby monitors, and in fact, Nest cams are simply general-use home security cameras that many parents have adapted as baby-monitoring devices. In truth, any home device connected to the Internet can be hacked — from printers to “smart” refrigerators to thermostats.
A Nest representative told The Washington Post that the company could not address specific cases, but urged all customers to use two-factor verification.
In addition, Nest has reset all accounts where customers had reused passwords previously exposed through breaches on other websites, the company said in a statement.
“Even though Nest was not breached, these customers were vulnerable because their credentials were freely available on the Internet,” the company stated. “Each customer has received instructions on how to establish new credentials. For added password security, we’re preventing customers from using passwords which appear on known compromised lists."
A recent report in Wired magazine — titled “How to Make Your Nest Cam Baby Monitor More Secure” — advised new parents to activate WPA2 encryption protocols on their router and to think about subscribing to a VPN service, among other, more basic tips.
"The first is to change your camera’s password to something that isn’t ’1111111′ or ‘iloveyousweeties,’ ” Wired’s Adrienne So wrote. “Update the firmware regularly, and unplug the Nest when it’s not in use.”