Last summer, I moved into a furnished studio apartment in New York City, my first without roommates. Yet, after days of unpacking and finally settling in, I realized I wasn’t alone.
Amid the quiet, I heard a distinctly older, male voice, though I couldn’t decipher what it was saying. That’s when I noticed a cylindrical Amazon Alexa (which didn’t belong to me) in the corner of the room, her yellow ring of light pulsating. Was someone listening? I texted my landlord to identify the disembodied voice. “Oh god,” he said. “That was my dad. So embarrassing, lol.”
Alexa was still hooked up to my landlord’s family network, and his father had mistakenly sent a voice memo to all connected devices. We had a good laugh, then I swiftly unplugged Alexa and placed her on the bookshelf, dormant and unlit. If I could hear others, could they also hear me? I wasn’t willing to take that risk.
With smart tech, our home appliances have become much more vocal: our washing machines can text us when our clothes are done; we can chat with our crockpots and microwaves. But what are the security implications? If Alexa is always listening (which she most definitely is), could our toasters be listening too?
Here are some home devices whose privacy concerns might outweigh their high-tech features.
Leaving our pets at home became a bit easier with the advent of pet cameras, which allow us to spy on (and sometimes feed) our fur babies from anywhere. But live camera feeds can pose a security threat.
In 2021, Mashable reached out to several top pet camera companies, including Furbo and Petcube, to ask how they protect user privacy. Furbo declined to respond, while Petcube said their engineers follow vulnerability reports and issue regular updates. They also said their networks are restricted, and consumer data is protected with a unique token, preventing employees from accessing it without user consent. Still, according to experts, if some companies are not taking those same precautions, it’s a distinct possibility that employees could access user feeds and data.
The takeaway: Do some research and choose your pet cam provider wisely, and keep your software up to date (updates patch up known vulnerabilities) so you know it’s more secure.
Amazon’s Ring, a popular doorbell camera, allows users to see who’s at your door from the comfort of your phone. Unfortunately, Ring has been abused by threat actors and just generally bad people who’ve hacked into the cameras to spy, spew hate speech, or launch violent threats.
Amazon rolled out end-to-end encryption for Ring last summer, making it much more difficult for hackers to access your device or the snapshots it captures. However, some users have a different privacy concern: Ring works with public agencies through their Neighbors app, allowing law enforcement to request footage from users.
The takeaway: If you use WiFi to access your remote doorbell, use a VPN to ensure more network privacy. And remember that Ring is not the only remote doorbell app available. In fact, The Verge put together a comprehensive list that offers a number of alternatives. The article also notes that users can opt out of sharing footage with public agencies.
Sometimes the risk of smart devices is something more physically destructive. In 2020, Digital Trends spoke with a cybersecurity researcher about the possibility of home devices getting hacked, and the results were…unexpected. According to the researcher, Dennis Giese, hackers can tap into a smart vacuum and reconfigure the batteries to charge at a high voltage, possibly causing the batteries to burn. A threat actor could potentially recalibrate the heat sensor to alter its maximum temperature, preventing the failsafe from kicking in.
When Giese performed this hack, he was able to access other, more sensitive devices within the same local network, like cameras or data storage units.
The takeaway: A vacuum hack serves as a reminder to only connect your smart devices to a private network, and connect through a firewall to help prevent malware attacks. Use a separate network for your vacuum than you would for more sensitive devices.
If you’ve ever wondered when life would feel like The Jetsons, that time has arrived. Our kitchens can now be fully equipped with IoT (Internet of Things) appliances, which opens them up to security vulnerabilities.
As Newsweek put it, “a network is only as strong as its weakest device.” Though rare for refrigerators (and not so dangerous), all voice-activated and WiFi-configured devices can be hacked. Even a coffee maker, when connected to WiFi, can be hacked, but as your personal data is not stored in a coffee maker, a hacker is more likely to spill your coffee than your secrets.
The takeaway: If you’re a fan of voice-automated tech, enabling it for these appliances is not likely to be harmful. As with your vacuum, remember to use a secure connection when enabling WiFi for your refrigerator and coffee maker.
Unlike other home appliances, a smart TV collects a lot of data about its users, like our viewing habits. Your streaming services are all in one place on a smart TV, meaning that your preferences can be easily tracked, compiled, and sold to advertisers. Smart TVs use automatic content recognition (ACR), which is why you receive targeted ads and content suggestions. Additionally, many smart TVs are equipped with cameras and microphones for video conferencing or facial recognition. If your TV is connected via WiFi, it’s possible for a hacker to infiltrate your network and access your camera, similar to how hackers manipulated Ring doorbells.
Aside from your favorite shows, there is plenty of other data stored on a smart TV, especially if you use apps and web browsing on the device. A single set of credentials for all of your accounts through a smart TV means just one point of entry for hackers, and a plethora of data they can access.
The takeaway: Make sure your TV is connected through a secure network. Utilize a personal password manager to create secure logins for each of your apps and your smart TV. If you buy a used TV, restore it to factory settings to ensure malware has not already been installed.