The Nest Secure system had secret microphone that can now make the Nest Guard security hub double as Google Assistant device. Happy Safer Internet Day!?! Credit: Nest Labs If your IoT device secretly contained a microphone, which was previously undocumented, would you be happy when the device maker announced an over-the-air update that can enable the microphone for virtual assistant voice functionality? That’s what happened with the security alarm system Nest Secure.@nest where in any of the nest guard product materials does it mention a microphone? Have I had a device with a hidden microphone in my house this entire time?— Me (@treaseye) February 4, 2019We included a microphone in the Nest Guard with features such as the Google Assistant in mind. It has not been used up to this point, and you can enable or disable it at any time using the Nest app.— Nest (@nest) February 4, 2019When announcing that a software update will make Google Assistant available on Nest Guard, Google added, “The Google Assistant on Nest Guard is an opt-in feature, and as the feature becomes available to our users, they’ll receive an email with instructions on how to enable the feature and turn on the microphone in the Nest app. Nest Guard does have one on-device microphone that is not enabled by default.”Nest Secure owners have been able to use Google Assistant and voice commands, but it previously required a separate Google Assistant device to hear your commands. I suppose it depends upon your outlook on if you are happy or creeped out that your security system secretly had an undocumented microphone capable of doing the listening all along.Google didn’t really focus on the “surprise there was a microphone hidden in the Nest Guard brain of your Nest Secure” angle, preferring a take on how Google Assistant and Nest Guard can help you out. The announcement concluded with: “We’ve built Nest Secure around you and the way you live, so you won’t be able to disarm the system using your voice. With the Google Assistant built in, your security system is now even more helpful.” More cybersecurity newsKid’s creepy smartwatch recalled as hackers can locate and talk to kidsWhile we are on the topic of potentially creepy IoT devices, it would be remiss not to mention the European Commission’s recall of the Enox Safe-Kid-One smartwatch, which poses a “serious” risk to kids since attackers could locate or even communicate with kids wearing the high-tech watch. The watch has GPS, a microphone, a speaker, and an accompanying app. The recall is believed to be the first ever recall based on a product not protecting user data. Not only did the European Commission determine that Safe-Kid-One “does not comply with the Radio Equipment Directive,” but “the mobile application accompanying the watch has unencrypted communications with its backend server and the server enables unauthenticated access to data. As a consequence, the data such as location history, phone numbers, serial number can easily be retrieved and changed.”The Commission added, “A malicious user can send commands to any watch, making it call another number of his choosing, can communicate with the child wearing the device or locate the child through GPS.”Safer Internet DayTo celebrate Safer Internet Day, Google suggested using its “new Password Checkup Chrome extension.” In this first version of Password Checkup, which was developed “so that no one, including Google, can learn your account details,” Google explained, “If we detect that a username and password on a site you use is one of over 4 billion credentials that we know have been compromised, the extension will trigger an automatic warning and suggest that you change your password.”In another Safer Internet Day post, Google mentioned a new survey (pdf) that found that 69 percent of the 3,000 Americans polled would give themselves an A or B grade when it comes to protecting their online accounts, yet 52 percent admitted to still reusing passwords. Despite only 32 percent of those surveyed being capable of correctly defining phishing, password manager, and two-step verification, 59 percent believe their online accounts are safer from threats than the average person’s. Thirty-three percent still don’t regularly update their software or even know if they update their apps.Clearly, there’s still a great deal of room for improvement on how to stay safe online. Related content news Dow Jones watchlist of high-risk businesses, people found on unsecured database A Dow Jones watchlist of 2.4 million at-risk businesses, politicians, and individuals was left unprotected on public cloud server. By Ms. Smith Feb 28, 2019 4 mins Data Breach Hacking Security news Ransomware attacks hit Florida ISP, Australian cardiology group Ransomware attacks might be on the decline, but that doesn't mean we don't have new victims. A Florida ISP and an Australian cardiology group were hit recently. By Ms. Smith Feb 27, 2019 4 mins Ransomware Security news Bare-metal cloud servers vulnerable to Cloudborne flaw Researchers warn that firmware backdoors planted on bare-metal cloud servers could later be exploited to brick a different customer’s server, to steal their data, or for ransomware attacks. By Ms. Smith Feb 26, 2019 3 mins Cloud Computing Security news Meet the man-in-the-room attack: Hackers can invisibly eavesdrop on Bigscreen VR users Flaws in Bigscreen could allow 'invisible Peeping Tom' hackers to eavesdrop on Bigscreen VR users, to discreetly deliver malware payloads, to completely control victims' computers and even to start a worm infection spreading through VR By Ms. Smith Feb 21, 2019 4 mins Hacking Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe