Can you overcome your smart home privacy concerns?
- By: Ashley Saunders
- November 2021
As more of us add connected devices to our homes, there are growing privacy concerns. For some, these smart home privacy concerns aren’t worth considering, while others won’t add any connected devices due to the risks of a data breach being too high.
A device might seem harmless, but what happens if the wrong person hacks into your smart home system and learns about your expensive wine collection or that you have matching his and her Rolex watches.
Thankfully, most of us retain a healthy level of paranoia when it comes to tech and privacy concerns. Generally, we worry about the data devices collect and what that reveals about us. However, we don’t let this anxiety impact our decisions.
One way to address your smart home privacy concern is to research the topic. You can then use the information to inform your future choices and to enable you to ask better questions next time you buy a smart device.
Let’s explore the typical smart home privacy concerns associated with connected devices and how to correctly deal with these in a positive way that doesn’t involve binning devices or wearing a tinfoil hat.
Why should you be concerned about your privacy?
Whether or not you realise it, nearly all of our devices collect and forward information to multiple parties. You could track what you eat using an app, have a smart electricity meter or drive an electric car. All collect continually collect data.
If you have an Amazon Echo and use Alexa or use Google Assistant on your phone, then you’re being listened to constantly. These smart assistants listen for certain voice commands to activate them and take action based on what you ask.
As these services use cloud computing, they record you and pass that information to the servers that in turn execute your command. These devices rarely store any data on themselves.
A single service storing data might not be that big of an issue. However, combining data from several devices could reveal unwanted information about a user. Each additional connected device added could compound the issues and create even more smart home privacy concerns.
How your data is managed, controlled and used by devices and organizations should concern you or at least spur you into research. All stakeholders should understand and be able to manage the security risk that each device presents.
It’s equally important that consumers assert control and have even a basic level of knowledge of the privacy concerns inherent in smart devices. The end-user shouldn’t rely on the manufacture to police and control the data they collect. Instead, all should be involved.
Should you bin your smart devices?
As our lives are intertwined with smart devices, it’s folly to suggest that the solution is to bin them all. Many of us interact with at least three devices daily. You could use a smartphone, work laptop and a smart TV. By 2030, some estimate that we’ll each own 15 connected devices.
It’s worth acknowledging that some devices, such as your home’s smart meter are connected by default. Typically, these are managed by the company and not the user. However, you should still take an active interest in how they use and transmit your data.
Above all, data should be handled securely, regardless of where the device is in its life cycle. We must be able to trust how our devices operate and handle data.
The burden of keeping devices up to date usually falls to the user. So, it’s critical for you to regularly install new firmware and security patches. While these demands typically are unfulfilled by the user, they are necessary to ensure a secure and trustworthy IoT (Internet of Things) environment.
As we become more aware of smart home privacy concerns, it’s worth starting to research these issues. There is a growing need for tools that enable identifying, verifying, and controlling the data the devices are collecting and sharing.
Five most pressing smart home privacy concerns
Rebecca Herold, a cyber security and privacy expert based in the USA asserts the five common problem areas for IoT security and privacy are:
- Most smart devices do not have security or privacy controls built in to protect sensitive data transmissions
- Manufacturers are using and sharing your data collected through their devices and apps
- Most smart devices have listening turned on by default
- Devices are accessible through online connections
- Manufacturers have horrible privacy notices that are vague and usually inform you that you have no rights over your own data.
All of these, sadly, applies to the UK and EU markets. It’s worth discussing each of these points in more detail.
#1 Most smart devices do not have security or privacy controls built-in to protect sensitive data transmissions
The few that do have built-in controls do not have them set to be secured by default. For most devices, it’s up to the user to adjust the settings and turn on these security features. By assuming these are on by default, the users leave themselves wide open to unauthorized access.
Ideally, your smart devices should have the following security and privacy features built-in and enabled by default:
- Strong encryption for data in storage and in transit
- Multi-factor authentication
- Activity logging
- Device management user interfaces.
#2 Manufacturers are using and sharing your data collected through their devices and apps
Your data will be widely shared, whether you knowingly agreed or not. The manufacture will use any data it collects throughout their business as well as with third parties. You’d probably be surprised how many companies have access to the data.
Once data leaves the device, the user has essentially lost all control over how that data will be used and shared. You could find your data shared with the government, the cloud computing provider, and social networks.
#3 Most smart devices have listening turned on by default
To be able to “hear” the trigger words (“Hey Google”, “Alexa”), the device must always be listening. Some devices, especially smart speakers, have been found not only to be listening all the time but also storing recordings of all that is said and can be heard.
Of course, manufacturers dispute this, claiming that devices only record short clips after the trigger word is spoken, and these clips are stored temporarily in their servers.
However, this doesn’t align with the fact that these vendors have large teams of humans who daily analyse recordings to learn more about the types of conversations taking place. This data helps to improve the systems and devices.
#4 Devices are accessible through online connections
Many popular IoT devices, including many that aim to improve physical security, actually have no authentication or encryption. It can be easy to find some of these devices using tools such as Shodan.
With a few simple clicks, potential attackers can establish a direct connection to these devices while bypassing any firewall restrictions. Many devices also have vulnerabilities that allow for unauthorized peeking by cyberstalkers.
#5 Manufacturers have horrible privacy notices that are vague and usually inform you that you have no rights over your own data
Even with GDPR in full force, the global picture of your privacy is less than ideal. Many feel that their smart home privacy concerns are not being met, yet these same people continue to buy devices that spy on them.
A critical problem with privacy notices is that few read them and if you do, you might assume that they are the same across all of the brand’s products. Typically, newer products come with updated privacy notices that only apply to that product or generation of product.
While this is frustrating, spare a thought for our US friends. They have different privacy laws and disclosure requirements for each state with some, such as California, giving more power back to consumers. This complexity makes addressing smart home privacy concerns even more difficult.
The situation is unlikely to change soon as manufacturers aren’t held to account for their poor privacy practices and so are in no hurry to fix these concerns. It will take time and consumer pressure for vendors to ensure they include rigorous privacy and data security controls in devices.
How to address basic smart home privacy concerns
There are a few steps you can take to address your smart home privacy concerns.
The first step is to isolate your home automation system from your other networks. Thankfully, this is relatively easy to do as you can set up guest networks for your smart home devices.
For example, your smart fridge is hacked and becomes part of a botnet that sends spam or mines cryptocurrencies. However, since it occupies a discrete network, the hackers won’t be able to access your emails or bank account.
Secondly, you’ll want to ensure that the access, control and delivery devices on your network are secure. These include smart speakers, your internet router, computers and your smartphone. If your smartphone is hacked or stolen, your home security system could be compromised.
Here are a few simple ways to secure your computers and phones:
- Use your smartphone‘s screen lock. Doing so ensures no one can access it without the code.
- Password protect your computers and smartphones. Use strong passwords that are difficult to guess. (avoid birthdays, sports team or maiden name).
- Change your router’s default username and password. Stop hackers from being able to guess the device or network you’re using. Use WPA authentication to create a secure network.
- Use firewalls on computers and your router. Most routers have a firewall built into their hardware, but you first must enable it.
- Update your existing router. If it doesn’t offer good security features, replace it with one that does.
- Keep software up to date and apply security patches often. Outdated software has vulnerabilities that are easy for hackers to exploit. Don’t make yourself an easy target.
Upgrade the security of your smart devices
With the basic smart home privacy concerns addressed, it’s worth securing individual connected devices:
- Change the default passwords. It doesn’t take a genius to find a device’s default password, especially if they own the same product. It’s nearly as bad as having no password at all.
- Changing the passwords every six months. You can significantly increase your security by changing passwords.
- Change the wake word on voice-activated devices. Change from “OK Google” or “Alexa” to something unique, so that an intruder will be unable to access your system.
- Before buying new devices, research its security protection. You should know how often the manufacturer provides firmware updates. Unsupported devices are an easy target. So, you need to be sure you’ll be protected against emerging threats.
- Buy smart home devices from reputable suppliers. Instead of buying a cheap Chinese brand, stick to big names Samsung, Google or Amazon, who invest heavily in improving device security.
- Always keep devices updated. Even if devices update automatically, it’s still worth checking your devices are using the latest firmware. If you need to, check the manufacturer’s website to find and download updates, but this is time worth spending.
- Consider which devices should be connected. If you don’t use the connected functionalities of your coffee maker or oven, use the device offline.
- Turn off Universal Plug and Play (UPnP). Most smart devices have this feature, which enables them to find other smart devices and connect to them automatically. However, UPnP protocols are vulnerable to outside attack, allowing criminals to gain control of multiple devices after hacking into one.
- Check the permissions for apps running on your devices. Anything that asks for permission to edit your router’s settings is a potential security threat.
- Be wary of cloud storage for devices. You are at risk if a service uses cloud computing. Before using cloud technology, ensure you understand the right measures to take to secure your data and privacy.
Will the future smart homes offer greater privacy?
As more connected devices come on the market, it’ll like that smart home privacy concerns will continue until there is significant consumer lobbying for brands to improve their security and privacy controls.
By the end of 2021, it’s estimated that 25 billion smart devices will be in use, including smart light bulbs, power sockets, doorbells, cameras and appliances. Your smart home has the potential to deliver total and flexible control. However, it’s up to you to ensure it’s secure and private.