Spying Smart Home Devices

About this Newsletter : In this week's edition Spying Smart Home Devices is the center of discussion

Smart devices are interactive electronic gadgets that understand simple commands sent by users and help in daily activities. Some of the most commonly used smart devices are smartphones, tablets, phablets, smartwatches, smart glasses and other personal electronics. While many smart devices are small, portable personal electronics, they are in fact defined by their ability to connect to a network to share and interact remotely. Many TV sets and refrigerators are also therefore considered smart devices.

Spying Smart Home Devices

Sometimes, this surveillance is marketed as a feature. For example, some Wi-Fi routers can collect information about users' whereabouts in the home and even coordinate with other smart devices to sense motion. Manufacturers typically promise that only automated decision-making systems, and not humans, see your data.

But even limiting access to personal data to automated decision-making systems can have unwanted consequences. Any private data that is shared over the internet could be vulnerable to hackers anywhere in the world, and few consumer internet-connected devices are very secure

Have you ever felt a creeping sensation that someone's watching you? Then you turn around and you don't see anything out of the ordinary.Depending on where you were, though, you might not have been completely imagining it. There are billions of things sensing you every day. They are everywhere, hidden in plain sight – inside your TV, fridge, car and office. These things know more about you than you might imagine, and many of them communicate that information over the internet.Back in 2007, it would have been hard to imagine the revolution of useful apps and services that smartphones ushered in. But they came with?a cost in terms of intrusiveness and loss of privacy.As?computer scientists?who study?data management and privacy, we find that with internet connectivity extended to devices in homes, offices and cities, privacy is in more danger than ever

?Because many of these Internet of Things (IOT) devices have microphones and cameras that are always online, they’re?an inviting target for hackers?who can use them?to spy on us.

'I'm Santa Claus': Man hacks Ring camera in 8-year-old girl's bedroom, taunts her This increasing connectivity also results in a growing loss of privacy, as these smart devices collect and share data with the manufacturer and others. It’s “a goldmine of data about how they’re being used — and increasingly who is using them,” digital security expert Adam Levin wrote?in a recent article for Inc.

And that tradeoff is not always apparent or clearly understood by the person living with the device.Smart devices need to gather certain types of data to work properly and improve their performance. But in many cases, privacy experts argue, too much information is being collected and shared with third-party companies.

“We know there's a lot of money being made by collecting and packaging our data,” said Ashley Boyd, vice president for advocacy and engagement at?the Mozilla Foundation. "Our position is: Let consumers opt in to that kind of data collection, rather than opt out. Our concern lies in the lack of transparency or even basic information about the data that's being collected.”

The?Consumer Technology Association?(CTA) acknowledges the growing concern about privacy and says steps are being taken to make people feel safe and comfortable using connected devices.

“The industry is committed to strong consumer data privacy protections and transparency,” said Mike Bergman, CTA’s vice president of technology and standards. “These devices do provide a lot of benefits, but we understand that consumers need to trust the products they're bringing into their homes.”

It's incumbent upon consumers to recognize just how many different kinds of sensors they are bringing into their homes — whether it's microphones, video cameras or just devices that are capturing all sorts of data about them and their guests.

Researchers read privacy policies, looked at product and app specifications, and contacted companies about their encryption to answer these important questions:

·??????Is there a privacy policy and how accessible is it?

·??????Does the product require strong passwords?

·??????Does it collect biometric data?

·??????Are there automatic security updates?

While smaller companies often don’t have the resources to prioritize the privacy and security of their products, many of the big tech companies, such as Apple and Google, are “doing pretty well at securing their products,” the report concluded. “But even when devices are secure, they can still collect a lot of data about users.

PRIVACY POLICIES NEED IMPROVEMENT

Few of us read the privacy policies for the smart devices we buy. They’re way too long and difficult to read.

DO YOU REALLY NEED A SMART DEVICE?

Connectivity sells products, so manufacturers are flooding the market with all sorts of household appliances and wearable devices that are web-enabled. You need to ask yourself, is the risk to your privacy or safety worth the benefits?

“In some cases, we're connecting stuff to the Internet that we don't necessarily need to connect,” said Charles Henderson, head of IBM’s X-Force Red security testing team. “Is the risk of compromise worth the reward of being able to see the inside of your refrigerator from across town?”

Henderson suggests doing this risk vs. reward analysis for all the smart technology you consider bringing into your home. You need to consider the increased risk to your privacy that comes from having devices with microphones and cameras spread throughout the house.

“You expect these devices to be used for the intended purposes, but they can certainly be abused — and you may not know it,” Henderson cautioned. “It's not like there’s a big light on top of your voice assistant that flashes red when a criminal is inside.”

?What these things know about you

Smart devices collect a wide range of data about their users. Smart security cameras and smart assistants are, in the end, cameras and microphones in your home that collect video and audio information about your presence and activities.

On the less obvious end of the spectrum, things like smart TVs use?cameras and microphones to spy on users, smart lightbulbs?track your sleep and heart rate, and smart vacuum cleaners?recognize objects in your home and map every inch of it.

Sometimes, this surveillance is marketed as a feature. For example, some Wi-Fi routers can collect information about users' whereabouts in the home and even?coordinate with other smart devices to sense motion.

Manufacturers typically promise that only automated decision-making systems and not humans see your data. But this isn't always the case. For example, Amazon workers?listen to some conversations with Alexa, transcribe them and annotate them, before feeding them into automated decision-making systems.

But even limiting access to personal data to automated decision making systems can have unwanted consequences. Any private data that is shared over the internet could be vulnerable to hackers anywhere in the world, and?few consumer internet-connected devices are very secure.

Understand your vulnerabilities

With some devices, like smart speakers or cameras, users can occasionally turn them off for privacy. However, even when this is an option, disconnecting the devices from the internet can severely limit their usefulness.

You also don't have that option when you're in workspaces, malls or smart cities, so you could be vulnerable even if you don't own smart devices.

Therefore, as a user, it is important to make an informed decision by understanding the trade-offs between privacy and comfort when buying, installing and using an internet-connected device.

This is not always easy. Studies have shown that, for example, owners of smart home personal assistants?have an incomplete understanding?of what data the devices collect, where the data is stored and who can access it.

Governments all over the world have introduced laws to protect privacy and give people more control over their data. Some examples are the?European General Data Protection Regulation (GDPR)?and?California Consumer Privacy Act (CCPA).

Thanks to this, for instance, you can?submit a Data Subject Access Request (DSAR)?to the organization that collects your data from an internet-connected device. The organizations are required to respond to requests within those jurisdictions within a month explaining what data is collected, how it is used within the organization and whether it is shared with any third parties.

Limit the privacy damage

Regulations are an important step; however, their enforcement is likely to take a while to catch up with the ever-increasing population of internet-connected devices. In the meantime, there are things you can do to take advantage of some of the benefits of internet-connected without giving away an inordinate amount of personal data.

If you own a smart device, you can take steps to secure it and minimize risks to your privacy.

The Federal Trade Commission offers?suggestions on how to secure your internet-connected devices. Two key steps are updating the device's firmware regularly and going through its settings and disabling any data collection that is not related to what you want the device to do. The Online Trust Alliance provides additional?tips and a checklist for consumers?to ensure safe and private use of consumer internet-connected devices.

If you are on the fence about purchasing an internet-connected device, find out what data it captures and what the manufacturer's data management policies are from independent sources such as?Mozilla's Privacy Not Included. By using this information, you can opt for a version of the smart device you want from a manufacturer that takes the privacy of its users seriously.

Last but not least, you can pause and reflect on whether you really need all your devices to be smart. For example, are you willing to give away information about yourself to be able to?verbally command your coffee machine to make you a coffee?

?Listen and Learn

Many smart appliances today, particularly smartphones and virtual assistants like Alexa and Google Home are equipped with voice command capabilities. They can, therefore, listen to and record your comments and conversations even after they’ve carried out your original command. Concerns about devices turning on voice command by themselves and listening even when you do not enable the feature have also been raised. The question then is: What actually happens when your smart device is listening? How much information gets recorded, and where does this eventually end up in?

To help you understand how vulnerable this makes you, consider a listening app called “Alphonso.” You can’t download it directly from Google Play or the App Store, but it?comes with some games and apps?that you can install. While you or your child are playing games on your smartphone, Alphonso comes to life and listens to what you are watching on TV. It then records this information and sends it to some server somewhere, and the data is analyzed to build a profile about your TV-viewing habits. But if that doesn’t seem wrong to you, then how about this: Alphonso continues to listen for TV signals even when you are not playing the game it came in with.

Alphonso proves that devices can listen to what you say and do. Now, what’s to stop devices from gathering other data? They can be made to look at chat and text messages or your calendar, for example. Everything about you would be fair game. Now here’s where it gets even more frightening: What if the data the devices collect isn’t just so they can send you the right ads?

Infiltrating Your Home

Now, if that still doesn’t seem creepy to you, consider the case of Alexa and Google Home. As it turns out, these two popular smart home platforms have?security gaps that hackers can exploit to spy on your conversations. They may even trick users into handing over sensitive information. Security experts have been raising alarms over these vulnerabilities since last year. For their part, Google and Amazon have responded quickly to address issues. But just as quickly, hackers spotted other holes to exploit in the systems.

Compounding this problem are the armies of third-party app developers for these platforms. Google and Amazon provide developers with access to their systems’ features and functions so they can develop custom apps. Unfortunately, these are like wide-open back doors through which threat actors can enter. They then can manipulate the platforms to fall silent but still remain active, capturing every word you speak that can potentially land you in some sort of?phishing?trouble.

Taking Control

Alas, this seems to be the price we have to pay for the convenience that technology gives us. Every technological advancement will naturally attract exploiters. Personal data is a prized commodity. So we should expect any information resulting from our interactions with technologies would be collected, processed, and used by someone else for whatever purpose. We should thus take steps to protect ourselves from this eventuality.

First, we can no longer allow our devices and apps to take control by default. We need to understand how they are set up, particularly their privacy settings. We should also look into customizing “wake” words for smart assistants so that third parties do not have access to them.

?The Age of Robots

Science fiction writers have predicted a robotic revolution for many decades, but the reality of that revolution looks very different. The age of robots may be here, but it has taken the form of a personal assistant rather than a robot set out on a mission to conquer the world.

The Dark Side of the Robotic Revolution

While in-home and in-office robots may be convenient, there is a dark side to the robotic revolution.?As they improve our lives, devices like Alexa, Google Home and Siri pose a number of privacy risks and data vulnerabilities.?If you want to protect yourself and your data, you need to understand these vulnerabilities – and prevent these connected devices from becoming inadvertent spies.

With each new leap in technology comes a subset of unscrupulous people with their sights set on an angle to exploit it –?more specifically the people who use it. The robotic revolution is definitely no exception. And unfortunately, many smart devices – (particularly household related), offer little protection in terms of security.

What is Considered a Smart Device?

Smart devices are everywhere, but there is still a great deal of confusion about what these devices are and what risks they pose to consumers.

One defining factor of smart devices is their ability to share data, connect to the internet and interact with other devices. A smart device could take the form of a smartphone, thermostat, refrigerator, door lock, speaker, light switch, or even coffee pot.

But when it comes to privacy concerns, thanks to a handful of viral news stories, Alexa and Google Home might immediately come to mind above all else.

Smart Devices in the News

• One news story in particular centered on a family whose Alexa device not only?recorded a private conversation, but sent the conversation to one of their smartphone contacts.The Alexa case is still being investigated, but Amazon claims that a series of?unlikely events?converged to create the scenario. Just how unlikely that scenario really is remains to be seen, but many Amazon fans are deeply skeptical of the company’s claims.
• To add insult to injury, there have been a number of high profile cases where?smart televisions were spying on their owners?using built-in cameras to record what was happening in the room – and sending that information to third parties.
• Even?baby monitors?have been implicated in smart device scandals, leaving new parents worried about their privacy – and the safety of their children.
• Unfortunately, even?seemingly innocent toys?are not immune from the dangers of spying. Your child may have one of those CloudPets, but those plush toys are not as innocent as they look. These high-tech stuffed animals have proven to be very hackable, putting the security of their young owners in jeopardy.

How to Prevent or stop Smart devices to Spy on you ?

Beware of your smart TV

Last February, Consumer Reports (CR), a non-profit research organization, released a report after conducting a thorough study of smart TVs made by popular brands that are currently in the home of consumers.?What CR found was that plenty of smart TVs are very prone to hacking and data collection (many smart TVs have the capability of?listening to your conversations?for ad purposes). If you own a smart TV, one recommendation made by the organization is that you disable your TV’s internet functions and use it just like any regular TV. It may not sound fun, and you may miss out on some features, but if you’re concerned about privacy, it’s the safest way to go.

Turn off WiFi when you leave

Keeping your Wi-Fi on 24/7 makes it easier for cybercriminals to hack your devices and inject them with spyware. This is why you should turn off your router when you’re not using it, like when you’re out of the house.?Doing so will not only minimize the chances of hackers hijacking your systems, but it will also lower your utility bills. And who doesn’t want to save money?

Delete your data

Voice assistant devices like the Amazon Echo and Google Home?record all your voice conversations?to make it easier for the device’s AI to follow your instructions. So that your data doesn’t get stolen and used against you, make it a point to delete it on a regular basis.

With Amazon’s and Google’s voice assistants, this is easy to do. Just log into your account on the manufacturer’s website or app and delete your data from there. You can also mute the device when it’s not in use so as it isn’t listening to what you say.

Disable your microphone and camera

Your laptop’s microphone and camera can be hacked and used to snoop on your activities at home, without you even knowing. This may sound a bit far-fetched, but it’s way more common than you’d think. Counter these attacks by deactivating your microphone and camera when you don’t need them.

When your camera is not in use, cover it with dark-colored tape. This way, even if a hacker manages to access it (they do so via phishing emails where you click on a spammy link that looks legit, but in fact, it merely installs spyware on your device), they won’t be able to see anything. You can also buy anti-spy laptop camera covers, which only cost a few dollars.

To disable your mic, go to your computer’s list of devices. Look for the microphone, and disable it from there. Just enable it once you need it for voice calls on services like Facetime or Skype.

Update all of your devices

Just like we update our computers to the latest software to help prevent security vulnerabilities, you should do the same for your smart home devices. Remember: these devices were designed to make your life simpler and more convenient; security is often an afterthought. As vulnerabilities are detected (and there are many), new software will be released to patch the issues. Make it a habit to check your apps and download all available updates; in some cases, you may need to visit the device’s website directly and download the firmware from there.

Utilize the protection of a firewall

Smart home products are not like a computer or phone, where you can download and use a VPN directly on the device itself to encrypt the data and shield it from hackers. Smart home devices are connected directly to the internet, which is why it’s imperative you’re connected via a secure Wi-Fi router.?These routers contain a built-in layer of protection at the network level, meaning all devices that connect to it (IoT or not) will automatically benefit from its security.

Protect your privacy by adopting a more proactive cybersecurity strategy. Prevention is better than a cure, after all.

?

• One news story in particular centered on a family whose Alexa device not only?recorded a private conversation, but sent the conversation to one of their smartphone contacts.The Alexa case is still being investigated, but Amazon claims that a series of?unlikely events?converged to create the scenario. Just how unlikely that scenario really is remains to be seen, but many Amazon fans are deeply skeptical of the company’s claims.
• To add insult to injury, there have been a number of high profile cases where?smart televisions were spying on their owners?using built-in cameras to record what was happening in the room – and sending that information to third parties.
• Even?baby monitors?have been implicated in smart device scandals, leaving new parents worried about their privacy – and the safety of their children.
• Unfortunately, even?seemingly innocent toys?are not immune from the dangers of spying. Your child may have one of those CloudPets, but those plush toys are not as innocent as they look. These high-tech stuffed animals have proven to be very hackable, putting the security of their young owners in jeopardy.

?Why Smart Home Technology Poses Security Risks : Smart home technology thrives on the Internet of Things (IoT). The devices in a smart home are connected to the internet via a protocol. Information collected by these devices is saved in the cloud and organized to understand your behavioral patterns.

If all that data saved on your devices get in the wrong hands, you are exposed to danger. And with growing expertise in hacking, that’s a valid cause for concern.

The security breach in smart home technology happens in different ways and the degree of damages varies according to what's at stake. Here are several smart home technology risks and what you can do to prevent them.

1. Identity Theft : Hackers are getting more creative with their techniques by the day. Rather than gaining unauthorized access to your smart home security devices, they target the database of your service providers.

With your personal information at their disposal, they may steal your identity by retrieving your credit card information, social security number, and bank account number. Having gotten the information that they need, they proceed to make unauthorized transactions and purchases in your name. You might get into big trouble for something you know nothing about.

How to Prevent Identity Theft

Preventing identity theft begins with?protecting your personal information?and paying close attention to your billing cycle.

Most smart home devices are controlled on mobile phones. Activate the security features on your mobile phone to prevent unauthorized access. If you are connected to public Wi-Fi, use a?Virtual Private Network (VPN)?and install virus-detection software and firewalls on your computer.

2. Spying and Monitoring

Video and audio recording is a function of some smart home devices. Security cameras help you to keep an eye on your premises by capturing footage—letting you know what's happening even in your absence.

Similarly, audio devices like Google Assistant and Amazon Alexa eavesdrop on you, recording everything being said. Ordinarily, you have no cause to worry until there’s a security breach.

Hackers can gain unauthorized access to your smart home cameras and audio devices, and manipulate the system to give their commands. By doing this, they keep tabs on everything that you do or say and may use it against you.

How to Prevent Spying and Monitoring

To prevent intruders from spying and monitoring you via your smart home devices, you have to be mindful of how you use them. Begin by deleting your conversations so that they are not stolen.

Consider turning off your Wi-Fi when you aren’t at home or when you need absolute privacy so your system doesn’t record anything. Secure your internet connection by using a secure Wi-Fi router.

3. Location Tracking

The location of your home is private information that you only give to trusted people.

Smart home devices are connected to a Global Positioning System (GPS) tracking system that automatically detects the location of your home. The location signals collected by the GPS are meant to be private but since they are saved in the cloud, they are exposed to hackers. Unfortunately, anyone who goes the extra mile to find your home location might be up to no good.

How to Prevent Location Tracking

Hackers can track your location when they gain unauthorized access to your GPS. So, the best way to prevent anyone from accessing your location is to turn off your GPS. Use a dedicated network for your smart home devices—hackers can easily make a security breach when they share the same network as you.

4. Data Manipulation

Installing a surveillance camera at home keeps a watchful eye on your premises even in your absence. But the authenticity of such data is questionable especially when it can be altered by professional hackers.

Data transmitted via smart home devices is unencrypted. A scrupulous intruder could break into your home and get away with no evidence on your camera. They simply manipulated the data by replacing the original data with an altered version.

How to Prevent Data Manipulation

A good way to prevent data manipulation is to use an advanced security system with File Integrity Monitoring (FIM). The system automatically generates backup for footage and issues instant alerts when a data manipulation is detected. You can verify the integrity of the footage on your system by comparing it with the backup.

5. Third-Party Apps Flops

One of the?pros of having a smart home?is remote access. In most cases, this is made possible by third-party mobile apps integration.

When the apps are not properly secured, there’s a window for hackers to penetrate your devices for criminal or fraudulent activities. You’ll be shocked to find out that someone else is remotely controlling your devices at home.

How to Prevent Third-Party Apps Flops

Take note of the permissions that you grant to third-party apps during installations. Only enable access features that you need. Activate two-step authentication to further strengthen access to your account. Double-check all links that pop up. If you can’t verify the authenticity of a link, don’t click it.

Useful Links : Reference McAfee

?Anjoum Sirohhi