fbpx
Contact Us

Are Our SMART Devices Really Spying On Us?

Go Back

The ‘internet of things’ (IoT) is the rather nondescript term that describes all the everyday household devices that can be connected to the internet (via our home WiFi). These devices are called ‘SMART’ devices and we can typically control them using our smart phones or tablets. Devices include things like kettles, fridge freezers, baby monitors, lights, burglar alarm systems, pace makers, central heating, alarm clocks, door locks, speakers, Nespresso machines, CCTV cameras, SMART watches, Fitbits and exercise gear, video game consoles, the list goes on…

Recent years has seen an explosion of these kinds of devices. Researchers forecast that by 2020 there will be as many as 21 billion connected devices used by businesses and consumers around the world. This surge in popularity is due to the convenience they bring and it has caused quite a stir in the cyber security community too, with some claiming it is the end of privacy as we know it (a little melodramatic for me)! I love IoT devices and the value that they can bring to us.

I don’t think it is going to be the security armageddon many believe it will be, however I do think there are certain types of product we should avoid and things to keep in mind when using these kinds of devices.

The security concerns with IoT devices exist for a number of reasons.

1. They are inherently insecure. Manufacturers prioritise functionality over security and this results in devices that are freely accessible to the internet and often have numerous vulnerabilities that hackers can easily exploit.

2. More Devices = More Vulnerabilities To Exploit. IoT devices means there are more devices we use that are connected to the internet and therefore more vulnerabilities. This is called an increase in ‘attack surface’ – the number of ‘in’ points a potential hacker could have.

3. They Tend to Collect Sensitive Data. These devices collect information that is inherently very close to our private lives and it’s amazing what can be deduced from seemingly mundane information. For example, CCTV recording captures when we are/aren’t at home (useful for burglars) and sensitive footage of us naked (used by sextortionists). Also, SMART TVs or ‘Alexa’ type products with voice activation features all listen to our conversations constantly to identity when we are speaking to them. All of this is recorded by the companies who sell these products. Attackers could use this kind of information to gain access to our most confidential parts of our lives.

There is even a search engine devoted to discovering these kinds of unsecured IoT devices, called Shodan. Much like Google, but instead displays non-traditional devices like SMART TVs that are connected to the internet and hackers use it to search for devices to attack. Worryingly, the top three most popular searches at time of writing (April 2017) are all directed at finding insecure webcams to try and hack into. The fourth most popular search is “default password”. I think you start to get the idea of what people are using tools like Shodan for – spying on (and recording?) unwitting people in their own homes. Alan and Jean, a couple from Leeds in the UK, discovered in 2018 that they were being spied on for years by thousands via their CCTV system they had installed in their house.

However, as always, when it comes to assessing if this is a risk to us, we need to ask ourselves – who would want to compromise my devices, what lengths would they go to and to what end? This is a big question so for brevity, I’ll keep it simple – for everyday people like us, I do not think the current risk to us is high for IoT devices. I think there is a lot of hype (much like the millennium bug for those who remember that) and you have to remember, security firms stand to make a lot of money from generating a feeling of nervousness around securing IoT devices. For me, I think we have bigger things to worry about. In the words of a Australian client of mine, “It’s not the alligator closest to the boat!”.

What do parents need to worry about?

Well, firstly don’t worry 🙂 You've now discovered SimpleCyberLife.com and if you follow the protection plans here you'll be fine!

Secondly, baby monitors, voice-activated stuff and ‘private’ devices (like sex toys) are probably a good place to focus your efforts.

When using any IoT device, sticking to a handful of general principles will help ensure our information remains as private as possible;

  • Change the default password. The instruction manuals of the particular devices should provide details on how to do this – if not, again google it for your product.
  • Turn off remote access. If you actually never use the remote functionalities of a particular device, then turn it off. This means it could never be used against you!
  • Secure your home WiFi. This is how IoT devices connect to the internet – we want to ensure your main ‘gateway’ to the internet is secure (see chapter Home WiFi Security).
  • Use a Passphrase for the Online Account. If the device uses storage in the cloud (which it likely does), ensure you use a strong passphrase to secure that account. Most breaches are from hackers getting into the online account associated with IoT devices, rather than getting access directly to the device itself.
  • Selective Purchasing. When buying new devices, check the technical details and ensure a sufficient level of network encryption should be used. Choose devices that use something called WPA2 and 128-bit encryption as a minimum.
  • Be aware of IoT devices that capture sensitive information. Be especially aware of using in-home CCTV or anything that records you in your own home. In-home CCTV will without a doubt capture things you wouldn’t want prying eyes to see, e.g. you (or your kids) simply getting changed. I suggest steering clear of home interior CCTV altogether unless there is a specific and pressing need. If you need CCTV stick to the traditional offline wired version. If you absolutely must get an online version I would recommend the Netgear Arlo Pro (£300).
  • Avoid any devices that purport to secure our physical security, such as door or window locks – stick to traditional non-internet connected products for now. The increase in convenience for me does not outweigh the risk it poses to our family members.

Hopefully this has given you some food for thought. We certainly shouldn’t be afraid of smart devices – some are super convenient!

I hope this has been insightful for you. If you liked it, please do spread the good word! Share it with your nearest and dearest.

Leave a Reply

Your email address will not be published. Required fields are marked *

Hacked Social Media Recovery Handbook!

Pop your email into the form below and we'll send you the link to your free handbook!

We hate spam and won't send you mindless marketing emails. We share some internet safety tips. You of course can unsubscribe at any time.

Free Protection Checklist!

Pop your email into the form below and we'll send you the link to your internet safety protection checklists!

We hate spam and won't send you mindless marketing emails. We share internet safety tips. You of course can unsubscribe at any time.

Free Cyber Bullying Handbook!

Pop your email into the form below and we'll send you the link to your free handbook!

We hate spam and won't send you mindless marketing emails. We share some internet safety tips occasionally. You of course can unsubscribe at any time.

Free I've Been Hacked Handbook!

Pop your email into the form below and we'll send you the link to your free handbook!

We hate spam and won't send you mindless marketing emails. We share internet safety tips. You of course can unsubscribe at any time.

Top