PSA: If Your Nest Cam Doesn’t Have 2FA Enabled, Hackers Might Be Watching You

It is very unlikely that someone would hack your Nest cameras, but it happened. And if you don't turn on two-factor authentication on your Nest account, it could possibly happen to you.

Family Nest Camera was recently hacked and used to broadcast a fake emergency message on an impending missile strike from North Korea using the built-in speaker of Nest Cam – a weird way to use the pirated camera for sure .

Google claims that this hacking job was simply accomplished using a compromised password that was also used on another website that was breached. Enabling two-factor authentication would have prevented the Nest camera from being hacked.

RELATED: What is two-factor authentication and why do I need it?

There was also another instance of a Nest Cam (used as a baby monitor) compromising when the culprit started to shout words through the camera speaker. What is wrong with these people? It's just weird.

In short, Wi-Fi cameras can be hacked. That said, if you haven't enabled two-factor authentication for your Nest account, here's how to do it.

Go to in a web browser (unfortunately you can't do it from the app) and log into your account.

Tap your account profile in the upper right corner of the screen.

Select "Settings" from the drop-down list.

Scroll down and press the toggle switch under "Two-step verification".

Enter your mobile phone number and press "Send code". This is the phone number to which verification codes will be sent by SMS (two-factor SMS authentication) is not great, but it's absolutely better than nothing).

Enter the six-digit code that was sent to you and enter it in the boxes. Then press "Continue".

Press "Done" at the bottom to complete the configuration.

Now, every time you need to sign in to your Nest account, you'll receive an SMS with a code you enter.

Matt Linton via SwiftOnSecurity

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.