Tech companies are deciding between user convenience and potential damage to their brands.
Tara Thomas had a Nest camera in her daughter Avery's bedroom. It was hacked back in August. By Reed Albergotti Reed Albergotti Reporter covering consumer electronics Email Bio Follow April 23 at 10:28 AM Tara Thomas thought her daughter was just having nightmares. “There’s a monster in my room,” the almost-3-year-old would say, sometimes pointing to the green light on the Nest Cam installed on the wall above her bed.
As hacks such as the one the Thomases suffered become public, tech companies are deciding between user convenience and potential damage to their brands. Nest could make it more difficult for hackers to break into Nest cameras, for instance, by making the log-in process more cumbersome. But doing so would introduce what Silicon Valley calls “friction” — anything that can slow down or stand in the way of someone using a product.
In recent years, this practice, which the security industry calls “credential stuffing,” has gotten incredibly easy. One factor is the sheer number of stolen passwords being dumped online publicly. It’s difficult to find someone who hasn’t been victimized. “They almost make it foolproof,” said Anthony Ferrante, the global head of cybersecurity at FTI Consulting and a former member of the National Security Council. He said the new tools have made it even more important to stop reusing passwords.
It did its own research into stolen passwords available on the Web and cross-referenced them with its records, using an encryption technique that ensured Nest could not actually see the passwords. In emails sent to customers, including the Thomases, it notified customers when they were vulnerable. It also tried to block log-in attempts that veered from the way legitimate users log into accounts.
According to at least one expert, though, Nest users are still exposed. Hank Fordham, a security researcher, sat in his Calgary, Alberta, home recently and opened up a credential-stuffing software program known as Snipr. Instantly, Fordham said, he found thousands of Nest accounts that he could access. Had he wanted to, he would have been able to view cameras and change thermostat settings with relative ease.
What surprises Fordham and other security researchers about the vulnerability of Nest accounts is the fact that Nest’s parent company, Google, is widely known for having the best methods for stopping credential-stuffing attacks. Google’s vast user base gives it data that it can use to determine whether someone trying to log into an account is a human or a robot.
When asked why Nest does not use ReCaptcha, Sathe cited difficulty in implementing it on mobile apps, and user convenience. “Captchas do create a speed bump for the users,” he said.
Malaysia Latest News, Malaysia Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Bird builds nest in brand new high school stadium, delays grand opening until eggs hatchThe killdeer is protected by a 118-year-old treaty.
Read more »
Living in Australia, Brett Brown once stole eggs from an emu's nest for an omeletThe rise of Brett Brown and the rise of basketball in Australia paralleled each other. Many of the Australians in the NBA -- past and present -- have ties to Brown, including Kyrie Irving and Ben Simmons.
Read more »
2 Big Bear bald eagle chicks hatch on livestreamAfter weeks of waiting, bald eagle parents welcomed a new chick in their nest in Big Bear, one day after witnessing another chick hatch.
Read more »
People Play The Generational Lottery With Their Retirement Savings AccountsSaving for retirement is a massive long-term undertaking that comes with tremendous financial risks. The likelihood of not doing well enough to have a decent nest egg for one’s old age is substantial. And that risk is in large part a matter of one’s birthday, not one’s financial acumen.
Read more »
Here’s what everyone gets wrong about this famous Steve Jobs quote, according to Lyft’s design bossOne of Steve Jobs' most famous quotes is a counter to the phrase, 'The customer is always right.' But it's often misunderstood, says Lyft's design guru Katie Dill.
Read more »
Drone company Wing gets ‘air carrier’ approval from FAA, allowing deliveries that will launch in VirginiaA delivery venture that is part of Alphabet will launch a commercial service in Blacksburg, Va., within months and plans to go nationwide later.
Read more »
Gender ‘X’: Nevada to allow nonbinary people to self-identify on IDsNevada’s new driver's license and state ID policy should serve as a “model for the rest of the country,” transgender advocate Ray Mcfarlane said.
Read more »
Health-care stocks keep getting hammered — Wall Street says this is whyFour of the Dow Jones Industrial Average’s 10 biggest losers on Wednesday were health companies, including UnitedHealth Group Inc., Merck & Co. , Pfizer...
Read more »
INTRODUCING: The 10 people transforming how the world gets aroundBusiness Insider named 10 transportation leaders to its list of 100 people transforming business. They include the CEO of a self-driving car startup, a prolific airline entrepreneur, and the logistics boss of the biggest retailer in the world.
Read more »
23 Things People Swear By For Getting More SleepIf you're getting less than eight hours...keep reading.
Read more »
The founders of Home Depot originally couldn't pay people to shop in their storesHome Depot struggled at first. The founders even ran a promotional stunt where it handed out dollar bills to Atlantans, but it didn't help.
Read more »