Illinois Homeowner's Blood 'Ran Cold' as Smart Cameras, Thermostat Hacked, He Says - NBC Bay Area
Investigations

Investigations

In-depth investigative reporting from NBC stations across the country

Illinois Homeowner's Blood 'Ran Cold' as Smart Cameras, Thermostat Hacked, He Says

“Right as I approached the baby’s room, I heard a deep voice talking to him,” Sud said.

    processing...

    NEWSLETTERS

    My 'Blood Ran Cold' as Smart Home Was Hacked: Homeowner

    A Lake Barrington homeowner hasn’t had a restful night’s sleep in 10 days, after he said his Nest home security cameras and thermostats were accessed by malicious hackers. Katie Kim reports. (Published Wednesday, Jan. 30, 2019)

    A Lake Barrington homeowner hasn’t had a restful night’s sleep in 10 days, after he said his Nest home security cameras and thermostats were accessed by malicious hackers.

    “I couldn’t believe that these devices that I had put up in my home to watch over it, my family, were now being used against me,” said Arjun Sud.

    Sud tells NBC 5 Investigates that shortly after he and his wife put their 7-month-old son to bed on Jan. 20, they heard a strange noise coming from inside the nursery.

    “Right as I approached the baby’s room, I heard a deep voice talking to him,” Sud said.

    His wife also noticed that the Nest thermostat had been turned up to a frightening and dangerous 90 degrees.

    Sud said he brought his son, now sweaty and awake, downstairs to the living room, when another Nest camera activated and someone began cursing at them.

    “The moment I realized what was happening, panic and confusion set in, and my blood truthfully ran cold,” Sud said. “We don’t know how long someone was in our Nest account watching us. We don’t know how many private conversations they overheard.”

    Sud, an avid user of smart home technology, said he has two Nest thermostats, 16 Nest cameras and a security system installed in his home.

    Nest, which is owned by Google, said its systems were not breached.

    “These recent reports are based on customers using compromised passwords” that were exposed on breaches on other websites, a Google spokesperson said.

    Google and cyber security experts said smart home technology users should use unique passwords and two-factor authentication to eliminate the security risk. Two-factor authentication is a method that requires users to confirm identities, often by providing codes sent to a cell phone or other device.

    Sud said he did not have two-factor authentication enabled because he didn’t know it was an option. Sud said Google and Nest should have alerted him of this added level of protection and notified him when someone else accessed his account.

    “It was simply a blame game where they blamed me, and they walked away from it,” Sud said.

    Sud said he wants to return $4,000 worth of Nest products and be reimbursed. Above all, Sud is sharing his story to warn other consumers.

    A Google spokesperson sent NBC 5 Investigates a statement: “We take security in the home extremely seriously, and we’re actively introducing features that will reject compromised passwords, allow customers to monitor access to their accounts and track external entities that abuse credentials. We’re always exploring ways to make sure that users are informed and know how to keep their devices and accounts safe.”