Can a Nest Hello Doorbell be Hacked?

Nest Hello On White Home

When I was considering purchasing the Nest Hello Doorbell, I wondered whether it could be hacked. So, I did some research to find out how safe the Nest Hello Doorbell really is.

So, can a Nest Hello Doorbell be hacked? In the past, the Nest Hello Doorbell has been hacked through firmware gaps. Any piece of technology needs to be upgraded as hacking techniques evolve. It is unsurprising that it has been hacked and still could be hacked because nearly everything is hackable. 

Most people are under the illusion that when they purchase a piece of technology, it will remain safe and private. The general populace knows hacks happen, but lives under the assumption that it will never happen to them.

In the case of the Nest Hello Doorbell, and nearly every other piece of tech, hacks are almost inevitable, but the good thing is, is that companies take hacks seriously and resolve the issues found.

How the Nest Hello Doorbell has been Hacked in the Past

Nest Hello Doorbell cam has a LOT of really cool features like integration with the rest of your smart home devices and 24/7 live monitoring. Your Google Home can even tell you when someone is approaching your door, or even who it is because of facial recognition. How cool is that?!?!

But…along with some really cool things, if the security of your product was ever compromised, those same cool things could turn into really scary things.

Jason Doyle Bluetooth Hack

At the end of 2016, Jason Doyle (a security researcher) found a flaw with Nest. This flaw could potentially allow a hacker to create a vulnerability allowing for a 90-second window of availability them to do whatever nefarious thing they might want to do.

This security flaw didn’t just apply to the Nest Hello Doorbell, but was across all Nest cameras.

The actual security flaw was very dumb. Hackers could send a WiFi password parameter, a WiFi SSID parameter, or a new nonexistent WiFi SSID parameter to the Nest camera device via Bluetooth.

What this would do is cause the camera to crash or reboot for around 90 seconds as it tries to access this WiFi.

You might be thinking cool, so he told Nest and everything was good to go, right?

Nope. Apparently, it takes a lot longer for security flaws to be fixed than you might think. Doyle checked months later and found that the security flaw was still there and could be exploited by potential hackers. So, he took things into his own hands and published the hack online.

And when I say published it online, he published everything online including the code necessary to cause the Nest Cameras to disconnect and reboot.

This was a major scare because that meant whoever saw the code could exploit that flaw and break into someone’s house right then and up until a patch was implemented.

Whether it was due to the bad press or whether it was because Nest finally developed the security fix, we’ll never know. But a patch was created to fix this security vulnerability.

The good about this whole thing is that because Nest products are actively connected to WiFi, and they are cloud devices, Nest can roll out updates continuously as needed until the product flaw is completely resolved.

No Other Hacks?

Not exactly, well, at least not a hack specific to the Nest Hello Doorbell. In my research, I was only able to uncover the Jason Doyle Bluetooth hack. Other “hacking” instances uncovered online primarily revolve around users who have had their passwords leaked online, or exposed through other websites and is not a Nest specific problem.

For example, that really bad Target hack a couple of years ago? LOADS of people had their information including some credit card numbers, addresses, not to mention user names and passwords exposed.

Hacks like that reveal user passwords. If people keep using exposed passwords for other things like the Nest Hello Doorbell, “hackers” can exploit that weakness. Is it really hacking though if they’re just using your password? ¯\_(ツ)_/¯

Recent Newsworthy Nest Cam “Hacks”

In full disclosure, none of these recent “hacks” have occurred on Nest Hello Doorbells, but on other Nest Home Security Cameras. However, because the Nest Hello Doorbell and other Nest security cameras employ the same use of tech, this hack could have just as easily occurred on the Nest Hello Doorbell.

Korean Ballistic Missiles

On January 22, 2019 (that’s just a few days ago!) a truly deadly scare happened to a family in California.

Imagine if you were just home alone with your family, maybe playing games, watching a movie, or maybe you just ate a delicious meal. Nothing could be better, right?

Well, it couldn’t get worse than being terrified of nuclear incineration. That’s what happened to a family in California this week.

All of a sudden there was a very loud announcement from the “Civil Defense” reporting that North Korea had launched ballistic missiles and president Trump had been taken to a secure location.

The announcement then went on to say that the United States had already responded and was now warning those in the affected areas that they had 3 hours to evacuate.

This isn’t the Cold War. Nuclear War is not even close to happening right now. Imagine being scared out of your wits without any kind of precursor warning. It would be pretty terrifying.

Naturally, there was a high level of panic amongst the family until the internet did not seem to support the report they heard. The source of the nuclear scare? Their Nest Security Camera.

All Nest Security Cameras are equipped with speakers allowing for this message to get through. Whoever managed to gain access to their account was able to view their reactions through the camera as they spoke. Some kind of sick entertainment, am I right?

“In Your Baby’s Room”

This terrifying incident occurred on December 20, 2018. A couple in Houston awoke to some beeping and then sexual expletives. On the horror movie scale, this is already pretty high up there.

The noises were coming through a baby monitor linked to the Nest security cam in their baby’s room. The horror movie scale goes up.

When the couple turned on their light and sat up, the Nest camera turned on in their room and the man’s voice told came from the camera speaker telling them to turn off the lights, he was in their baby’s room and was going to kidnap their child. This is every parent’s very worst nightmare.

The father ran upstairs and the baby was indeed oblivious, and no real danger in sight.

The hack? Again, it wasn’t a hack on the Nest system itself but by exposed online passwords.

Still, this kind of scare does not make users feel safe.

Arizona Man

This case made national headlines because an Arizona man recorded himself talking to this do-gooder hacker.

A man from Arizona started hearing a voice talking to him through his Nest security camera, which is a little uncomfortable, not to mention frightening.

The good news is, this was a nice Canadian hacker (of course, a Canadian). He was a self-proclaimed ‘white-hat hacker’ intent on telling Arizona man his vulnerability, and that his password had been leaked online.

One thing we can feel good about is that this hacker did not try to scare him or threaten to kidnap his children. He only wanted to tell him that there was a vulnerability and how to fix it.

If he hadn’t been told, someone more nefarious could have just lurked, watching and listening leading to fraud or identity theft concerns.

Long Island Family Scare

Like the previous cases shared, this scare started with a voice coming through their Nest security camera.

The difference? This man was speaking to a young child. The family in question used the camera as a kind of nanny cam for their child, allowing parents to speak to the child when they are away.

Children are innocent, and the boy had no idea. He just told his mother the voice wasn’t daddy. It’s a terrifying situation all on its own, but throw children into the mix and the scare level goes up every time.

What They All Have in Common

All of these “hacks” are recent and made national headlines. Two things that could cause potential purchases to shy away from actually a very secure product.

None of these hacks were actually “hacks.” As scary as it sounds, these security breaches were all caused by the exposure of passwords online through other massive hacks like the Target hack. None of them have been traced back to a security flaw on the part of Nest.

So, what’s the answer then? How can you be safe?

Along with many other pieces of software, emails, phones, etc. Nest has introduced two-factor authentication. However, it is not required like most two-factor authentication roll-outs, users can choose that setting on their nest account or via the Nest app.

Two-Factor authentication requires users signing into the account or app to also type in a pin that was texted to their phone. The phone in question would be the phone actually paired with the Nest device or attached to the Nest account. No more people taking advantage of your exposed passwords.

Still, you should try to update passwords frequently. Not every 30 days or anything like that, but more along the lines of twice a year for accounts that don’t require two-factor authentication. If you’re still concerned, change it after every published data security breach to be on the safe side.

The Notorious Nest Thermostat Hack

All the way back in 2014 Nest had a massive security issue with its thermostat.

You’re probably thinking well, it’s a thermostat, big whoop, what harm could it do?

Actually, a lot. This product was part of the groundbreaking start on the massive explosion that would become “the internet of things.”

Not only could someone hack your device and simply change your temperature, but because it is a smart device, they would be able to find out your comings and goings based on the Nest thermostat settings. The smart burglar could theoretically know when you were gone and break in.

The good thing is, this hack was actually discovered at a BlackHat security conference. Two hackers made the Nest thermostat display the red-eye from 2001: Space Odyssey.

Naturally, this hack made huge headlines because smart products were just coming to market and there were plenty of concerns about security. The security flaw has been patched, and there haven’t been too many major Nest hacks since.

Hacks are Actually a Good Thing

Hacking is a two-edged sword. You wish it wouldn’t happen, but you’re glad it’s there to expose weaknesses you didn’t know were there so things can get fixed.

Since the internet has come online, hackers have been on the scene. You would think that this would be more of a problem than a good thing, and usually, you’re right. Hackers have done, and do do a LOT of damage.

Though recent hacking instances remind us of what makes hacking so dangerous and terrifying, they also reveal a need and an albeit late solution to the problem.

Companies try as hard as they possibly can to polish and refine their products before they release them onto the market. If their products aren’t high-quality products, it will disparage their company name and ruin their reputation.

For the most part, it’s not like companies wantonly release a product they know has giant breachable gaps in security that can be abused by hackers.

Technology is not a stagnant force in the world. Our world’s progression in the tech realm is being dubbed the fourth industrial revolution. As is the case with any industrial revolution, tech developments and processes are constantly evolving. If not so, no progress would be made.

When flaws are found, they are fixed, that is the way progression occurs.

How Companies Have Responded to Hackers

In the modern age, technology is at a large number of fingertips. This means that information is quickly accessible, and the 24-hour news cycle has a lot of time to spill the beans on companies with security and privacy breaches.

In the past development was largely a process and went unfettered, however, in our litigious society, “mistakes,” i.e. the essence of progress, can cost you millions in lawsuit damages.

In part to prevent lawsuits, and media muckraking, but mostly to put out a quality product, companies have started to hire what they have dubbed ‘ethical hackers’ or ‘white-hat hackers.’

Companies hire them to try and hack their products which generally reveals the weaknesses of the product and allows for fixes to be made before the product goes into production and gets put on the market.

For those with the hacking skill set, it breeds competition and becomes almost a game. Each hacker has a unique coding style and a lot to prove. Companies often will capitalize on that and advertise hacking competitions that can make hackers names.

This competitive spin also helps companies because it calls together groups of very unique individuals that approach problems differently. It goes back to the phrase ‘two brains are better than one,’ or ‘needing a second pair of eyes.’

Problems are often better solved when multiple people approach them differently, which often leads to different pieces of insight. In the case of hacking, this can lead to multiple “weaknesses” being brought to light, which then allows fixes to be made to those problems.

Related Questions:

Are smart homes secure? A home is as secure as you make it. Simple precautions like two-factor authentication on your accounts and a strong WiFi password go a long way. As tech evolves, security becomes even more extensive.

Are baby monitors secure? Baby monitors are some of the easiest hacked items on the market. It depends on the type of monitor and the security precautions you’ve placed on it. If you haven’t even though about security on your baby monitor, you may want to look into it. Many times the flaw isn’t in the baby monitor, but poorly secured WiFi connections.

David

David has been an avid DIYer for years. Recently he's really taken to home security, but he has a lot of experience with all sorts of projects from Plumbing to Electrical and Framing to Tiling.

Recent Content