It’s official: we talk to computers, and they answer. We ask them to tell us the weather, refill an order for more toilet paper, make a dinner reservation, and look up trivial information. And, we do this with increasing regularity.
According to Juniper Research, there were 2.5 billion digital voice assistants in 2018, and that figure is set to explode to 8 billion by 2023. Digital assistants like Amazon Alexa, Google Home, Ring doorbells, and DTEN smart TVs have flaws that pose cybersecurity and privacy risks.
As an American, the U.S. Constitution affords you the fundamental right to privacy in your own home. But, as technology ventures further into the world of home automation and smart devices, you may be compromising some of these freedoms in exchange for the conveniences they provide.
Privacy Concerns: Is Your Smart Device Spying on You?
“Spying” might be a strong word, but your home’s smart devices are certainly listening. It’s how the technology is designed to work.
A smart device allows you to control various parts of your home (lights, thermostats, appliances) and browse the web by using the sound of your voice. Most have a “wake word” (OK Google, Alexa, Siri, etc.) that will bring them to attention to process your request. It can’t hear your wake word if it isn’t listening for it, which is where things get disturbing.
Unfortunately, most smart devices are vulnerable to hackers in some shape or form.
Amazon Alexa and Google Home
Senior security consultants at SRLabs have demonstrated some serious vulnerabilities in Amazon Alexa and Google Home smart speakers. Technicians created and uploaded phishing apps that passed Amazon’s and Google’s security-vetting processes.
An app, such as a daily horoscope reading, would give the consumer the impression that it had stopped working. It would either continue to listen to the user or, mimicking the “voice” of the smart device, ask the consumer for their password to install an update.
Amazon’s Ring Doorbells have been hacked so many times that a number of privacy and consumer groups issued a warning about the products in December 2019. Nonprofit advocacy group Fight for the Future warns consumers that, based on scores of past incidents, Ring devices could allow hackers to steal wifi passwords.
DTEN Smart TVs
DTEN is a certified hardware provider for the popular video conferencing service Zoom. Used on smart TVs in business conference rooms around the world, this hardware has known flaws that could allow hackers to bug meetings and steal information from digital whiteboards. A security team identified five bugs in the systems last summer, but just three of those have been patched.
How You Can Avoid Getting Hacked by Smart Spies
Smart devices come with a variety of features and settings. It’s a good idea to spend some time reading the terms and conditions when you set up your device. Further, you can avoid getting hacked by smart spies by taking some simple precautions.
1. Watch What You Connect
Not every appliance, light, and function in your home or office needs to be “smart.” If you’re tempted, ask yourself what benefits you’ll get as well as the potential risks you’re taking. For example, having a smart lock on your front door seems pretty risky.
2. Harden Your Security
You can create a separate and secure network in your home for smart devices so that it isn’t the same as the one you use to access and surf the internet. All of your smart devices should also be protected with a strong password and two-factor authentication to avoid remote access.
3. Allow Auto Updates
Check that your smart devices are using the latest firmware. You can do this through the app for each device. You’ll also want to enable auto-updates to resolve any vulnerability in the devices.
4. Limit Purchasing
If you’re not going to use your smart device for purchases, turn off this feature in the settings. Otherwise, set up additional security before allowing a purchase, such as a PIN code. Further, make sure you get confirmation emails after a purchase, so you’ll know if your security has been compromised.
5. Be Careful What You Share
Remember that a smart speaker in your room is always listening. Knowing this, it’s probably no longer a good idea to read your credit number, password, or Social Security number out loud. If you must do this, turn off the device or go into another room.
What to do If Your Smart Device Gets Hacked
In early 2019, a number of Google Nest thermostat devices became the target of hackers who took over speakers and cameras in consumer’s homes. While there isn’t any firm figure on how many homes were impacted, those who suddenly had a stranger speaking to them were understandably disturbed.
If you find that one of your smart devices has been hacked, the first thing you should do is change your network and device passwords. Then, go through the list we provided above to harden your home cybersecurity system to prevent a repeat performance.
When a data breach occurs, a business could be held liable if they were careless in the way that information was accessed or stored. This could open up a company, such as Google or Amazon, to a civil lawsuit, and we’re likely to see more of these in the coming years.
The Federal Trade Commission (FTC) encourages consumers to file a complaint if they believe they’ve been a victim of identity theft, fraud, or deceptive or unfair business practices. You can do this online or by calling the FTC’s Consumer Response Center at 1-877-FTC-HELP (1-877-382-4357).
Before you connect a new smart device in your home or office, it’s essential to understand the potential privacy implications. If you believe that your privacy has been violated, you may want to consult with an experienced and knowledgeable data security specialist or data privacy attorney about your rights and options.