They’re called smart devices for good reason
That new flat screen you bought to watch the big game can do much more than show instant replays. The inconspicuous voice assistant perched on your kitchen counter can listen in to your conversations and even record them while it dims the lights. These devices are part of the growing Internet of Things (IoT)—gadgets that connect to the web and control home features. Listening to discussions sounds a little creepy but remember your voice command or “Wake Word” is required to activate them. So, yes they listen. The question is who controls the privacy of your speech and personal data; the answer can be disturbing.
Over 40 billion IoT devices could be in use by 2027. Video doorbells, DVR recorders, baby monitors, automatic door locks, and kids’ toys are some options. Add smart TVs, connected washing machines, thermostats, and internet-savvy refrigerators into the mix, and there’s almost nothing an IoT device cannot control. Whether or not that’s a good thing depends on your security expectations.
Relying on default passwords?
Most internet-connected devices come loaded with a default password, but California and the U.K. have recently taken the lead in opposing this practice. Generally, multiple devices in a manufacturing run have identical default codes that often grant broad access.
Many initial passwords reside on the internet. Roughly 15% of all buyers never change these defaults. Another subset of owners utilizes common passwords featured in hacker cracking dictionaries, to give hackers a hand. Anyone who employs 123456, “password” or “qwerty” for their code might as well be handing a hacker the key to their device. Don’t be one of them. Don’t reuse your login data on multiple websites, either; thieves collect stolen credentials and can use them to get IoT access.
Take control of your own data
Government agencies have started to focus on IoT privacy issues but much of the responsibility currently lies with end-users.
Last Thanksgiving, the FBI issued another warning about IoT products urging Black Friday shoppers to investigate the eavesdropping capacity of each smart TV on their list. Strangers spied on what users were watching and even displayed obnoxious and inappropriate videos on their screens.
The FBI’s top advice:
- Run a Google search of each model along with the words “privacy,” “camera” and “security.”
- If the product has a camera or microphone, determine whether you can turn these features off.
- Explore how manufacturers will update software if there is a security bug.
Researchers at Princeton and the University of Chicago discovered that certain streaming services could ignore ad blockers or other options to restrict data gathering. In some cases, the only solution is to disconnect from the internet.
Locate the smart devices around you
First security step: determine the number of devices in your life and categorize them. Chromecast and other streaming devices might land in one category. Your new refrigerator or TV could belong in an appliance group and home security devices a third. Group them because it’s often wise not to have all devices interconnected.
Your smartphone can point out nearby smart devices. Check available Wi-Fi and Bluetooth; you may discover your fridge, coffee pot, and an automated baby crib need more protection.
Choose the right settings
Determine how each device connects to the internet—Bluetooth or Wi-Fi. Then consider these steps:
- Confirm that your device can call 911 in an emergency if commanded. That’s not a universal skill.
- Choose a unique username. Admin is NOT a smart choice.
- Do regular scans for new devices that could piggyback on your network.
- Utilize options like Do Not Disturb hours, recording kill switches and other privacy restrictions where available.
- Turn off features like voice purchasing on your security devices.
- Check for updates or security patches for all IoT products routinely.
IoT devices have wormed their way into our lives at an amazing rate. Most of us cannot imagine living without them, but that doesn’t mean we must surrender all privacy. Don’t be swayed by marketing-driven testimonials that play on emotions like fear. These devices are not as benign as some makers would have us believe. Privacy needs to be an integral part of the equation; to date, security still lags.
Take control of your privacy
Don’t let fear keep you from enjoying your voice assistant. Learn to control your private conversations and secure your data by understanding how to navigate the built-in privacy settings of your favorite digital assistant.
If you need help or have questions about deleting your personal data, IDShield can walk you through the process to ensure your private information remains private. Our Licensed Private Investigators are fully certified information privacy professionals who are ready to guide you through online dangers with a one-on-one consultation.
IDShield is a product of Pre-Paid Legal Services, Inc. d/b/a LegalShield (“LegalShield”). LegalShield provides access to identity theft protection and restoration services. For complete terms, coverage and conditions, please see an identity theft plan. All Licensed Private Investigators are licensed in the state of Oklahoma. This is meant to provide general information and is not intended to provide legal advice, render an opinion, or provide any specific recommendations.