After a spate of device hacks, Google beefs up Nest security protections

Google has added its line of Nest smart home devices to its Advanced Protection Program, a security offering that adds stronger account protections for high-risk users like politicians and journalists.

The program, launched in 2017, allows anyone who signs up access to a range of additional account security features, like limiting third-party access to account data, anti-malware protections and allowing the use of physical security keys to help thwart some of the most advanced cyberattacks.

Google said that adding Nest to the program was a “top request” from users.

Smart home devices are increasingly a target for hackers largely because many internet-connected devices lack basic security protections and are easy to hack, prompting an effort by states and governments to help device makers improve their security. A successful hack can allow hackers to snoop in on smart home cameras, or ensnare the device into a massive collection of vulnerable devices — a botnet — that can be used to knock websites offline with large amounts of junk traffic.

Although Nest devices are more secure than most, its users are not immune from hackers.

After a spate of reported automated attacks targeting Nest cameras earlier this year, Google began requiring that Nest users must enable two-factor authentication. Google said its systems had not been breached, but warned that hackers were using passwords stolen in other breaches to target Nest users.

Other device makers, like Amazon-owned Ring, were also targeted by hackers using reused passwords.

While two-factor authentication virtually eliminates these kinds of so-called credential stuffing attacks, Google said its new security improvements will add “yet another layer of protection” to users’ Nest devices.

A US House candidate says she was hacked — now she’s warning others