So the fact that a Hello owner’s camera feed randomly popped up on someone else’s Google Home Max screen when someone pressed the doorbell on it is pretty bad news. You expect a top-level service when you’re paying top whack, and it seems that Nest’s system (which is really Google’s now) is not as secure as it should be.
A Google Home Max owner on Reddit (and reported by Tech Radar) posted footage of the video clearing showing how many seconds it had been since the doorbell had been ‘rung’ and was confused because they don’t own a Nest cam, bar the one in the Google Home Max itself.
Recently Google announced that all Nest accounts would have two-factor authentication enforced for better security, but this latest security breach is unrelated to account access. The owner of the home Max confirmed on Reddit that the footage was not from a neighbour’s camera, and they didn’t recognise the location at all.
Indeed, it’s certainly not the first time cloud-based camera feeds have been shown to the wrong people. Back in January Google shut down access to Xiaomi Mijia cameras on its Home Hub smart displays, a problem which has since been resolved (via Android Police).
Within an hour or so, a Google employee had posted on the Reddit thread to “help”, but other users pointed out that such assistance isn’t usually available so quickly - and that it was only because “liability issues” were involved.
As of yet, Google hasn’t made any official comments about the breach.
While it is certainly a good idea to enable the two-factor authentication to help protect your account, if you’re worried about the security of your own Nest camera, specifically the Hello doorbell feed being shown to other users, then the only thing you can do is to turn it off in the Nest app.