Google opens up Advanced Protection Program to Nest devices

The move follows integration with services including Android and Chrome.
Written by Charlie Osborne, Contributing Writer

Google has opened up the Advanced Protection Program (APP) security suite to Nest devices. 

The Advanced Protection Program was originally introduced to provide an additional layer of security for Google accounts considered to be at a higher risk of compromise or cyberattacks, such as those used by journalists, lawyers, political figures, and civil rights group members.

Over time, the scheme has been expanded to include additional Google services, including GSuite, the Google Cloud Platform, and the Chrome browser. In March, the tech giant expanded APP to cater to Android devices.

See also: Black Lives Matter: Turning words into action

Now, APP has entered the smart home. Google's Shuvo Chatterjee, Product Manager of APP said on Monday that the scheme, of which anyone can now sign up, now extends to Nest products including the camera and security system range.  

Previously, users were not able to connect their Google accounts to the APP program and Nest home devices at the same time. Seamless integration, therefore, has been constantly requested by users, the executive says. 

"We want as many users as possible to benefit from the additional levels of security that the program provides," Chatterjee says. 

Google's APP-Nest integration follows reports of vulnerabilities in Nest security cameras and device hijacking, including a case in Wisconsin involving a couple reportedly subjected to taunts made by a hacker through their Nest camera.

CNET: DEA reportedly authorized to 'conduct covert surveillance' of George Floyd protests

The introduction of the Advanced Protection Program to the Nest family also builds upon recent changes made by Google to try and bolster the security posture of its products. 

Google has already rolled out login notifications to Nest users to warn them when a login attempt has been made, and back in February, the tech giant rolled out two-factor authentication (2FA). Anyone that has not enrolled in the scheme or moved their Nest account to a Google account will need to perform extra security checks via email. 

TechRepublic: How to protect your organization against Business Email Compromise attacks

reCAPTCHA Enterprise was also recently integrated with Nest accounts to mitigate the risk of credential stuffing attacks, in which stolen or easy-to-guess credentials are automatically applied to devices in order to hijack them. When passwords are changed on Nest products, Google now also performs a search on behalf of users to see if they have potentially been exposed in third-party data leaks.

The worst IoT, smart home hacks of 2020 (so far)

Previous and related coverage

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0

Editorial standards