Do you feel like, lately, your smart TV is spying on you? You might be right! It’s true that the chances are very slim. But it’s not impossible.
All our internet-connected devices collect data about us and the environment we live in. Some scan our faces, record our voices, or memorize how often we access certain applications.
Others track our sleep and measure its depth. And later communicate this data online.
In these conditions, could we still have privacy in a house equipped with smart technology?
Find out from this episode of the Stay Cyber Safe campaign who and how uses the information collected from us.
How it all began
Initially, the Internet could only be accessed using a computer.
Then, in the late 1980s, American computer scientist John Romkey adapted a toaster to be turned on and off using the Internet. It was a big step forward. But it still took decades for technologies to develop spectacularly.
Today, the technology needed to access the Internet is installed in both mobile phones and many other devices such as vacuum cleaners, televisions, washing machines, alarms, locks, surveillance cameras, and many more.
To carry out their tasks, these objects can connect to the Internet and communicate with each other online, with some autonomy, without human intervention.
The vast network of interconnected objects is called the Internet of Things. Or, in English, the Internet of Things (IoT).
Statista estimates that, in 2021, there were 13.8 billion objects connected to the IoT worldwide. And by 2025, this number is expected to increase to about 30.9 billion.
This means that, on average, next year we will have 4 smart objects connected to the IoT for each inhabitant of the planet.
How IoT-connected devices work
Each smart device has sensors that evaluate what is happening around it.
Most devices have sensors that specialists call "general coverage." That is, microphones and cameras.
However, there are also devices equipped with specific sensors necessary for their tasks. Such as thermometers, pulse monitors, hygrometers, etc.
With these sensors, the smart device measures certain parameters. Then, it sends the data to a cloud storage space, where it is analyzed. That space is used by the device's creators or those managing it.
Based on the analysis results and the response received, other components of the smart device, called "actuators" by specialists, trigger an action. Such as turning on the light or starting to heat the water in a boiler to reach the desired temperature for the house's residents.
In a home, smart devices can be connected in a network. If they come from the same manufacturer, it's even simpler.
For example, Google has the Nest app, from which all smart devices it produces can be controlled: speakers, alarms, locks, doorbells, cameras, streaming adapters, and so on.
You can also use smart devices in your home that are not compatible with this network. However, you will need to control them using different apps on your mobile phone or computer.
The goal remains to integrate as many devices as possible into a single network.
This way, your smart home will know when to turn on the light and at what intensity, when and how much to increase the temperature, whom to open the front door for, and what playlists to suggest based on the mood it detects you have.
The most vulnerable devices in the house
Cybersecurity experts at Avira have concluded that smart TVs and speakers are the most vulnerable and targeted smart devices in a home.
Smart TVs do more than deliver audiovisual content, like their predecessors.
A smart vacuum intercepted conversations without a microphone
In 2020, a mixed team of researchers from Singapore and the US state of Maryland managed to record conversations and music using a smart vacuum that didn't even have a microphone.
What are your devices doing? Have they been recruited into an "evil army"?
In the mid-2000s, cybersecurity experts began discovering structures they called "botnets."
These are large networks of computers, phones, and IoT devices that have been infected with malware and have come to be remotely controlled online by cyber attackers.
The owners of the devices usually do not know that they have been infected and that attackers are controlling them remotely to cause harm. They only notice that, in some cases, the devices are functioning worse than they should. This is understandable, as part of the device's capabilities are being used by the cyber attackers who control it.
Such networks provide attackers with brute force to send spam, launch DDoS attacks (overloading a server with messages until it crashes), steal personal data, mine cryptocurrencies, and much more.
Governments or criminal groups can rent botnets from hackers when they want to launch powerful attacks.
Over the years, in recent years, cybersecurity experts have discovered more and more of these networks.
The largest one so far was Mariposa (Butterfly, in Spanish). When dismantled by authorities in 2019, that botnet network encompassed 13 million infected devices from over 190 countries.
How can you tell if your device is part of a botnet? Install a security solution. Most of them detect the unjustified high consumption of device resources and identify the malware with which cyber attackers have attacked.
Expert's Advice. How to Choose Secure IoT Devices
Silviu Stahie, a cybersecurity specialist at Bitdefender, explained to spotmedia.ro that - although the technical capabilities of attackers can be formidable - we should not necessarily fear all existing threats.
"Security vulnerabilities exist. And technical solutions to exploit them can be created.
Do you remember Pegasus (spyware created by the Israeli army) that could be installed on iOS without the iPhone owner doing anything or realizing that someone else had taken control of the phone?"
The problem is that such products used by attackers cost a lot, somewhere between 500,000 and 1,000,000 euros.
And their creator will be able to sell the product to a few clients, who will use it effectively only until cybersecurity companies notice the problem and build defense solutions. Then, that product loses its value.
The cybersecurity expert also pointed out that if we want to do everything in our power to be safe and protect our privacy, we should evaluate IoT devices before purchasing them.
"We can search online if the device manufacturer, in general, and the product we want to buy have had cybersecurity issues in the past. And if they have, have they since resolved them? Because if they have taken the necessary measures, obviously, it's a plus.
Check devices that are very important, such as the router, through which all data traffic passes. Does our router receive security updates? Many routers do not update. Therefore, they do not use all the resources they can access to defend against cyber threats," Silvius Stahie added.
Also, the way we use devices that have browsers and with which we can download applications matters.
But even so, we still need to be careful. For example, at one point, I had a weather application that requested access to calls. What could my call log have been used for to provide me with weather data? I didn't think I needed to grant access. So, I uninstalled it.
Or we can take the example of surveillance cameras. I also have cameras at home. But whenever I get home, I turn off the cameras. Why should they film inside the house when I'm already there? What else could they be used for?"
If we want to maintain our privacy, we need to learn such a routine," Silviu Stahie concluded.
Top 7 Things to Do to Protect Your Privacy Without Giving Up IoT Devices
Here are the main things you can easily do to enjoy technology without major risks to your privacy:
- Before buying a new device, search on Google for information on how secure it is. And make sure it either hasn't had major cybersecurity issues or has resolved them
- Choose a strong password for the application you use with each IoT device. And remember it using a password manager. It's easy to do, find out how here.
- When buying a new device, ask in the store - whether physical or online - how to navigate through security settings and activate those that suit you
- If your IoT device has a video camera, close it when not in use. Don't leave it open all the time
- Turn off the microphones of IoT devices when not using voice commands
- If the IoT device has a browser, use it to download apps only from the sites of their producers. This way, you reduce the risk of installing malware
- Don't become paranoid! Most likely, no one is listening to you or filming you in your own home. But it's good to take all security measures to avoid unpleasant surprises