Or, due to the publicity, NEST push out an update or take other steps to increase security?
It sounds to me like you intensely dislike someone having an opinion that differs from yours. Good luck with that.
Wait, which is it?
His only legal recourse really would have been to inform NEST - what do you think the chances are that they'd do something about it?
Not at all. I'm fine with differing opinions. But when someone condones illegal actions, unethical behavior, etc, because they see some "greater good" I start looking very hard at what's going on. There are a lot of people out there today who seem to think that when someone else does something that they feel is wrong, that it's a justifiable reason for doing more wrong. And what's more, other's are accepting these excuses and giving them a pass for their own transgressions.
I don't think that anyone can objectively look at this and not see that the researcher took liberties that he didn't need to take. At the very most you can say that he at least motivated the man in Arizona to change his passwords on his computers and maybe some accounts. Not a bad thing except that he could have just sent the man an email. If the man's personal information really was compromised the researcher could have added a link to the information if he wanted to open the guy's eyes. He did not need to violate the man's camera system in order to help him out if that was his motivation.
But if his motivation was to try and make a "splash" and as you said, create publicity to motivate NEST into fixing their vulnerabilities, are you sure the vulnerability is in NEST's software, or is it a problem in other code that is licensed or free for NEST to use?
Are there other camera systems like NEST's that don't have the same vulnerabilities? If so, why the difference?
Maybe you should look at how NEST works with real Security Researchers;
https://hackerone.com/nest
If you’re a security researcher and think you’ve found a security vulnerability, we want to hear about it right away. We ask that you give us a reasonable amount of time to respond to your report before making any information public. Please don’t access or modify user data without permission of the account owner and act in good faith not to degrade the performance of our services (including denial of service). If you comply with these requests, we won’t take legal action against you.
https://nest.com/support/article/KRACK-vulnerability
http://fortune.com/2017/03/07/nest-thermostat-security/
I think this doesn't sound like Alphabet isn't doing anything about their security issues with NEST products. In fact, as I read the article again, I come to realize that this White Hat didn't actually hack the camera, or exploit a vulnerability, he used a password that he got from hacked passwords gained from websites with poor security. He used a known password from compromised third parties, no vulnerability at all was exploited in the NEST camera. He lied to this man, he wrongly convinced him to shut off his camera. He could have just told the guy that one of his passwords was out there and he should change his passwords.
Tell me I'm wrong.
Last edited: