Earlier this week, members of a popular New York-based Facebook moms’ group swapped stories about their indoor Nest cameras acting strangely.
One woman expressed serious concern over the camera’s blinking green light at time when neither she or her husband was watching the livestream.
Another responded: “Two days ago this happened to us,” she wrote. “It was blinking green and I freaked out. We unplugged it yesterday to regroup, we reset all of our passwords, our WiFi password. When we plugged it back in, it was already blinking again immediately.”
It was not, as they feared, a hacker turning the cameras on remotely.
On Friday, Google told CNN Business a bug had impacted some of its Nest indoor and outdoor cameras from Saturday, January 25 through Thursday, January 30. The glitch caused the cameras to behave as if someone was accessing the live view mode – turning on the green indicator light – when in fact they weren’t. The issue has since been resolved, according to the company.
“We’re aware of an issue that caused a small amount of Nest cameras to incorrectly indicate they were being viewed even after the live stream was closed,” a Google spokesperson said in a statement. “This was not a breach of any Nest cam systems and no authorized parties were accessing these camera feeds.”
The company said it had responded to an influx of complaints to its call center and on social media stemming from the issue. Google declined to share how many users were affected.
The spokesperson said the light also blinks when the camera is experiencing connectivity trouble – an issue I’ve experienced firsthand.
A few weeks ago, the Nest camera’s light in my toddler’s bedroom came on. Assuming my husband must have been sweetly monitoring us from downstairs, I smiled. But minutes later, I found him fast asleep on the couch – his phone on the other side of the room.
I ran back upstairs, unplugged the monitor, reset the password, set up two-factor authentication and made it so only I could access the Nest app remotely.
My mind went straight to the December news story about a hacker who accessed a Houston couple’s baby monitor and threatened to kidnap their child.
A Google spokesperson said recent reports like that are based on customers using compromised passwords that are exposed through breaches on other websites.
“In nearly all cases, two-factor verification eliminates this type of security risk,” the spokesperson said.
But the lack of clear messaging around these issues is only fueling consumer concern, experts say.
“Companies need to ensure consumers are buying products they feel are secure and protected,” said Jonathan Collins, research director and smart home analyst at ABI Research. “That can take a whole range of issues like educating users or better management of devices or putting more details into the app about how the camera is operating.”
And while a hacker might not be watching your baby sleep, incidents like that do in fact occur. Collins noted bad actors can weave together valuable information from hacking cameras, such as when you come from work or the things you say. They could create a profile of who you are that can be used nefariously – potentially in the form of identity theft.
It’s why people, including Mark Zuckerberg, opt to cover their laptop web cams with stickers. Other smart home devices could be used as part of a larger attack, too, and work alongside security cameras. After all, a hacker speaking through a Nest cam could easily tell Amazon’s voice assistant Alexa to order a ton of stuff off the internet.
“It’s a market where security hasn’t been a leading priority, and that increasingly needs to shift,” he said.
Google said it is actively introducing “features that will reject compromised passwords, allow customers to monitor access to their accounts and track external entities that abuse credentials.”