If companies like Amazon, Google, or Facebook fail to provide adequate protections, they could face lawsuits and government crackdowns over their technology
Alexa, Google Home, and Apple's Homepod are the convenient smart speakers that do our bidding within our homes, but who has access to the data we provide? Concerns over surveillance and data breaches have generated alarm over the amount of personal information we store in home technology, including our location, our home layout, and our voice. Such wariness is understandable, with Google Home Mini initially listening to its owners in the bathroom and uploading the data to Google's servers. After it was exposed as a glitch, the fault was quickly corrected, but the tech's capability of listening in when deactivated is proven.
However, Jake Williams, founder and president of cybersecurity firm Rendition Infoseek, says the average user isn't likely to be targeted by hackers. "Would-be attackers] don't care what you're talking about at home, they're looking to monetize data." He adds, "The level of effort to do it is too high in the vast majority of cases. Your average American just isn't that interesting."
In order to steal data from a home device, a would-be hacker would need "undetectable audio commands, eavesdropping software and targeting devices connected on a network." Since home tech doesn't store information as sensitive as credit card information, social security numbers, or passwords, it's simply not worth the effort. Of course, there are exceptions, as hackers could opt to target individuals in order to extort ransom payments for the data, but these instances are unlikely and rare.
Of greater concern is a massive data breach at one of the company clouds where customers' information is stored. While individual users can set up two-factor authentication and limit the number of external services they link to their home devices, once the information is collected and stored it's up to the company to provide protection. If companies like Amazon, Google, or Facebook fail to provide adequate protections, they could face lawsuits and government crackdowns over their technology, according to Bloomberg Law. Class action lawsuits, regulatory enforcement, and publicity damage could obviously harm company revenues if a data hack were not prevented.
Melissa Kern, piracy and information security law partner at FrostBrown Todd LLC,said, "If there is a security breach that results in unauthorized access to the personal data they have collected, whether due to a security flaw or not." As a result, Amazon and Google run product security tests to check for major flaws. Large tech companies also test the data transfer between personal devices and the cloud, in order to curb vulnerabilities to hacking.
Of course, there are steps consumers can take to protect their information. The straight forward protections include the smart user management. As consultants advise, "For those who are concerned that Google Bots are listening to everything you say, you might find some comfort in knowing that Google Home listens and even processes who is talking locally. It uploads information to the cloud when the wake word, 'OK, Google' or 'Hey, Google,' is spoken or when you long press the touch interface at the top of the device (except for Mini)." Google Home also has indicators that alert you when the device is listening in.
Ultimately, it's up to the consumer to make smart and secure choices with their data. Limiting how many devices are linked to private accounts is an easy but powerful first step. The data clouds hold all the information the device interprets, whether insignificant, unintentional, or highly sensitive.
With high tech security measures becoming the norm, you'd think we'd be a lot safer.
From smartphones to smart cars to smart hotels, the market for interconnectivity has never been higher. The ability to control the majority of one's home from an app– everything from the thermostat to the alarm system– is ubiquitous. There are definitely benefits to this tech; speed, comfort etc.- but are our attempts to make everything smart leaving us vulnerable?
When it comes to smart homes, the technologies involved can vary, but more often than not they're centered on security. Some using motion-sensing technology to automatically turn on cameras. Others contain sensors for all types of issues including flood water, burglary, smoke, and carbon monoxide. The requisite paranoia required to purchase one of these systems aside, there is a growing concern that these security programs can be hacked and easily monitored by would-be burglars. While self-driving cars are still a work in progress (Uber just killed a woman with one of theirs), hackers were able to shut down security features on a Jeep and prove how connected utilities are just as easy to hack as anything else connected to the Internet. The same principle can applied smart homes.
Alexa and her hackable friends
On one end of the hacking spectrum, you have a previous home's owner. There are currently no standards in place to prevent a seller from having access to their old home's smart features. This means the flickering of your lights and the constant opening and closing of your home's garage door could be part of a prank by the last person living in your house. This can also leave home owners vulnerable to burglary, though the police would probably have an easy time cracking that case. Burglary is more likely to occur from an outside force, one that you haven't met and agreed to purchase a house from. That said, tech savvy burglars could have just as easy a time robbing you while you're at work or on a vacation.
Direct denial of service (DDoS) attacks have been used to disrupt the Internet connection for entire corporations, and can now, via the Internet of Things (IoT), be accomplished with ordinary devices such as TVs and washing machines. When these devices were designed, many of the companies hectically released them without putting much thought into their (the devices) security. There are now over six billion everyday items connected to the Internet, with IoT spending to hit around 1.7 trillion by 2020. But how and why would burglars perform cyber attacks on smart homes, when it'd be just as easy to break a window wearing facemasks and steal as much as they can carry before the police arrive? While burglars could perform DDoS attacks on homes and shutdown security systems, this could raise suspicions, as homeowners might notice that their cameras and motion sensors aren't working. Burglars can however, hack into less obvious devices and use them as a means of surveillance, casing their target at a safe distance. Recently, it was discovered that the MyQ garage door system could be hacked and used to spy on homeowners, alerting hackers when the door opens and closes, and giving them the ability to reopen the door after residents leave. This sort of thing is much more useful to burglars performing smash and grab robberies and makes it far too easy for robbers to keep track of a homeowner's schedule.
New security systems are at risk.
So, what can you do?The fact of the matter is, smart homes are no more or less secure than regular homes. If someone is dedicated to robbing your house, they're going to find a way to get the job done. That said, smart homes do provide a baseline of coverage against standard, non-tech savvy burglars and having visible cameras on the outside of your house can be a serious deterrent. If none of the devices in your house are smart though, it might be worth it to wait until cyber-security measures become standard before buying that new app-controlled washer. As for alarm systems, at this point the old school systems that alert the police department via a landline rather than the Internet are far safer and effective. Like anything though, it's important to do your research before buying.